Consul api calls on http for localhost but on https for external calls

We have a cluster where consul is tls enabled and running on https://:8501/ on all nodes. This uses a self-signed ca.

Is there a way to make only localhost consul calls on http while consul is https enabled? We essentially want this to avoid every nomad job talking to local consul having to add ca in the api requests.

Hey @gulavanir

Yep, you can set both http and https addresses for consul and it will listen for both. You do that by specifying both ports under ports configuration. For localhost calls, I’d also recommend setting the http bind address to be via the addresses configuration so that the http api isn’t accidentally exposed outside of that localhost traffic.

1 Like