ilnmors-homelab/docs/adr/011-tls-communication.md

ADR 011 - TLS communication

Date

• Mar/06/2026
  • First documentation

Status

• Accepted

Context

• To make administrational policy simple
• Set the principle of TLS communication boundry

Considerations

Apply mTLS

• implementing mTLS needs both client certificate and server certificate
• Managing a number of certificates makes a huge operational burden (expiry date, revocation, etc ..)

Decisions

• Set TLS for all communication except 'lo' interface
• When it is possible to activate TLS, apply it even in 'lo' interface

Consequences

• The policy is set simple
• The overhead is increased little
• Exclude the exceptions on operation (For the administrator)