Ability to use HTTPS for ALL consul CLI commands

[tniswong]

Consul 0.6.4

Relevant configuration:

{
  "ports": {
    "http": -1,
    "https": 8500
  },

  "key_file": "/tmp/consul.key",
  "cert_file": "/tmp/consul.crt",
  "ca_file": "/tmp/ca.crt",

  "verify_incoming": false,
  "verify_outgoing": true,
  "verify_server_hostname": true
}

I have a consul cluster with HTTP disabled in favor of HTTPS listening on 8500. It is currently not possible to communicate with this cluster using the consul CLI, as it only supports HTTP and not HTTPS.

There are currently no options available to specify a communication scheme.

So, now, I have to manually implement a Semaphore/lock algorithm instead of using the out of the box consul lock ... command, which would be sooo much easier.

Here's the error that will occur if you try.

Error querying Consul agent: Get http://127.0.0.1:8500/v1/agent/self: malformed HTTP response "\x15\x03\x01\x00\x02\x02"

[slackpad]

We should sweep through the full CLI set and make sure this works and is documented. This is also a good time to switch the common options to use common parsing code and the partial for the docs that was added for the new KV CLI.

[jefflill]

Did this make it into 0.7.4 or are you targeting 8.0.0 now?

[kyhavlov]

This is being done now for 0.8 as part of some work to centralize and clean up the command line parsing of flags in general.

[jefflill]

Cool. Thanks for the update.

[kyhavlov]

If anyone needs this capability in current/older versions, the only way to use https in the CLI was by setting the CONSUL_HTTP_SSL environment var to true.

In 0.8.0, passing -http-addr=https://127.0.0.1:8501 will work, too.

[wyardley]

@kyhavlov fwiw, consul lock -http-addr=127.0.0.1:8501 works for me also, with

axs1-qa [qa] centos@manager-i-2d93e6f4:~ $ consul --version
Consul v0.7.1