# Security Fluent Bit provides integrated support for *Transport Layer Security* (TLS) and it predecessor *Secure Sockets Layer* (SSL) respectively. In this section we will refer as TLS only for both implementations. Each output plugin that requires to perform Network I/O can optionally enable TLS and configure the behavior. The following table describes the properties available: | Property | Description | Default | | --------------- | ----------------------------------------------------------------------------------------------------------------------------------------- | ------- | | tls | enable or disable TLS support | Off | | tls.verify | force certificate validation | On | | tls.debug | Set TLS debug verbosity level. It accept the following values: 0 (No debug), 1 (Error), 2 (State change), 3 (Informational) and 4 Verbose | 1 | | tls.ca\_file | absolute path to CA certificate file | | | tls.ca\_path | absolute path to scan for certificate files | | | tls.crt\_file | absolute path to Certificate file | | | tls.key\_file | absolute path to private Key file | | | tls.key\_passwd | optional password for tls.key\_file file | | | tls.vhost | hostname to be used for TLS SNI extension | | The listed properties can be enabled in the configuration file, specifically on each output plugin section or directly through the command line. The following **output** plugins can take advantage of the TLS feature: * [Azure](/manual/1.4/pipeline/outputs/azure.md) * [BigQuery](/manual/1.4/pipeline/outputs/bigquery.md) * [Datadog](/manual/1.4/pipeline/outputs/datadog.md) * [Elasticsearch](/manual/1.4/pipeline/outputs/elasticsearch.md) * [Forward](/manual/1.4/pipeline/inputs/forward.md) * [GELF](/manual/1.4/pipeline/outputs/gelf.md) * [HTTP](/manual/1.4/pipeline/outputs/http.md) * [InfluxDB](/manual/1.4/pipeline/outputs/influxdb.md) * [Kafka REST Proxy](/manual/1.4/pipeline/outputs/kafka-rest-proxy.md) * Slack * [Splunk](/manual/1.4/pipeline/outputs/splunk.md) * [Stackdriver](/manual/1.4/pipeline/outputs/stackdriver.md) * [TCP & TLS](/manual/1.4/pipeline/outputs/tcp-and-tls.md) * [Treasure Data](/manual/1.4/pipeline/outputs/treasure-data.md) In addition, other plugins implements a sub-set of TLS support, meaning, with restricted configuration: * [Kubernetes Filter](/manual/1.4/pipeline/filters/kubernetes.md) ## Example: enable TLS on HTTP output By default HTTP output plugin uses plain TCP, enabling TLS from the command line can be done with: ``` $ fluent-bit -i cpu -t cpu -o http://192.168.2.3:80/something \ -p tls=on \ -p tls.verify=off \ -m '*' ``` In the command line above, the two properties *tls* and *tls.verify* where enabled for demonstration purposes (we strongly suggest always keep verification ON). The same behavior can be accomplished using a configuration file: ``` [INPUT] Name cpu Tag cpu [OUTPUT] Name http Match * Host 192.168.2.3 Port 80 URI /something tls On tls.verify Off ``` ## Tips and Tricks ### Connect to virtual servers using TLS Fluent Bit supports [TLS server name indication](https://en.wikipedia.org/wiki/Server_Name_Indication). If you are serving multiple hostnames on a single IP address (a.k.a. virtual hosting), you can make use of `tls.vhost` to connect to a specific hostname. ``` [INPUT] Name cpu Tag cpu [OUTPUT] Name forward Match * Host 192.168.10.100 Port 24224 tls On tls.verify On tls.ca_file /etc/certs/fluent.crt tls.vhost fluent.example.com ``` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.fluentbit.io/manual/1.4/administration/security.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.