wezterm/docs/config/lua/TlsDomainClient.md

# TlsDomainClient

The `TlsDomainClient` struct specifies information about how to connect
to a [TLS Domain](../../multiplexing.md#tls-domains).

It is a lua object with the following fields:

```lua
{
    -- The name of this specific domain.  Must be unique amongst
    -- all types of domain in the configuration file.
    name = "server.name",

    -- If set, use ssh to connect, start the server, and obtain
    -- a certificate.
    -- The value is "user@host:port", just like "wezterm ssh" accepts.
    bootstrap_via_ssh = "server.hostname",

    -- identifies the host:port pair of the remote server.
    remote_address = "server.hostname:8080",

    -- the path to an x509 PEM encoded private key file.
    -- Omit this if you are using `bootstrap_via_ssh`.
    -- pem_private_key = "/some/path/key.pem",

    -- the path to an x509 PEM encoded certificate file
    -- Omit this if you are using `bootstrap_via_ssh`.
    -- pem_cert = "/some/path/cert.pem",

    -- the path to an x509 PEM encoded CA chain file
    -- Omit this if you are using `bootstrap_via_ssh`.
    -- pem_ca = "/some/path/ca.pem",

    -- A set of paths to load additional CA certificates.
    -- Each entry can be either the path to a directory or to a PEM encoded
    -- CA file.  If an entry is a directory, then its contents will be
    -- loaded as CA certs and added to the trust store.
    -- Omit this if you are using `bootstrap_via_ssh`.
    -- pem_root_certs = { "/some/path/ca1.pem", "/some/path/ca2.pem" },

    -- explicitly control whether the client checks that the certificate
    -- presented by the server matches the hostname portion of
    -- `remote_address`.  The default is true.  This option is made
    -- available for troubleshooting purposes and should not be used outside
    -- of a controlled environment as it weakens the security of the TLS
    -- channel.
    -- accept_invalid_hostnames = false,

    -- the hostname string that we expect to match against the common name
    -- field in the certificate presented by the server.  This defaults to
    -- the hostname portion of the `remote_address` configuration and you
    -- should not normally need to override this value.
    -- expected_cn = "other.name",

    -- If true, connect to this domain automatically at startup
    -- connect_automatically = false,

    -- Specify an alternate read timeout
    -- read_timeout = 60,

    -- Specify an alternate write timeout
    -- write_timeout = 60,

    -- The path to the wezterm binary on the remote host
    -- remote_wezterm_path = "/home/myname/bin/wezterm"
}
```
docs: document various missing things refs: https://github.com/wez/wezterm/issues/63 refs: https://github.com/wez/wezterm/issues/461 2021-02-20 20:43:37 +03:00			`# TlsDomainClient`

			The `TlsDomainClient` struct specifies information about how to connect
			`to a [TLS Domain](../../multiplexing.md#tls-domains).`

			`It is a lua object with the following fields:`

			```lua
			`{`
			`-- The name of this specific domain. Must be unique amongst`
			`-- all types of domain in the configuration file.`
			`name = "server.name",`

			`-- If set, use ssh to connect, start the server, and obtain`
			`-- a certificate.`
			`-- The value is "user@host:port", just like "wezterm ssh" accepts.`
			`bootstrap_via_ssh = "server.hostname",`

			`-- identifies the host:port pair of the remote server.`
			`remote_address = "server.hostname:8080",`

			`-- the path to an x509 PEM encoded private key file.`
			-- Omit this if you are using `bootstrap_via_ssh`.
			`-- pem_private_key = "/some/path/key.pem",`

			`-- the path to an x509 PEM encoded certificate file`
			-- Omit this if you are using `bootstrap_via_ssh`.
			`-- pem_cert = "/some/path/cert.pem",`

			`-- the path to an x509 PEM encoded CA chain file`
			-- Omit this if you are using `bootstrap_via_ssh`.
			`-- pem_ca = "/some/path/ca.pem",`

			`-- A set of paths to load additional CA certificates.`
			`-- Each entry can be either the path to a directory or to a PEM encoded`
			`-- CA file. If an entry is a directory, then its contents will be`
			`-- loaded as CA certs and added to the trust store.`
			-- Omit this if you are using `bootstrap_via_ssh`.
			`-- pem_root_certs = { "/some/path/ca1.pem", "/some/path/ca2.pem" },`

			`-- explicitly control whether the client checks that the certificate`
			`-- presented by the server matches the hostname portion of`
			-- `remote_address`. The default is true. This option is made
			`-- available for troubleshooting purposes and should not be used outside`
			`-- of a controlled environment as it weakens the security of the TLS`
			`-- channel.`
			`-- accept_invalid_hostnames = false,`

			`-- the hostname string that we expect to match against the common name`
			`-- field in the certificate presented by the server. This defaults to`
			-- the hostname portion of the `remote_address` configuration and you
			`-- should not normally need to override this value.`
			`-- expected_cn = "other.name",`

			`-- If true, connect to this domain automatically at startup`
			`-- connect_automatically = false,`

			`-- Specify an alternate read timeout`
			`-- read_timeout = 60,`

			`-- Specify an alternate write timeout`
			`-- write_timeout = 60,`

			`-- The path to the wezterm binary on the remote host`
			`-- remote_wezterm_path = "/home/myname/bin/wezterm"`
			`}`
			```