Consul configuration. server.json is only put onto the server. Every other file is on both server and client in consuls config directory. The encrypt key is a new one of course and the tls files you have to generate on your own. I followed https://www.digitalocean.com/community/tutorials/how-to-secure-consul-with-tls-encryption-on-ubuntu-14-04. I start consul with "GOMAXPROCS=`nproc` consul agent -config-dir /opt/consul.d/".

## check.json
{
  "check": {
    "id": "apphealth",
    "name": "App Healthy Check",
    "script": "nc -z localhost 5678 || exit 2",
    "interval": "2s"
  }
}

## common.json
{
  "data_dir": "/tmp/consul",
  "start_join": ["10.101.16.66"],
  "log_level": "warn"
}

## encrypt.json
{
  "encrypt": "GNkWrPBNrd2N/F7GoiYZ2g=="
}

## server.json
{
  "server": true,
  "bootstrap_expect": 3
}

## service.json
{
  "service": {
    "name": "service",
    "tags": [
      "web"
    ],
    "port": 8000
  }
}

## tls.json
{
  "ca_file": "/opt/consul.d/ssl/ca.cert",
  "cert_file": "/opt/consul.d/ssl/consul.cert",
  "key_file": "/opt/consul.d/ssl/consul.key",
  "verify_incoming": true,
  "verify_outgoing": true
}
	{
	"check": {
	"id": "apphealth",
	"name": "App Healthy Check",
	"script": "nc -z localhost 5678 \|\| exit 2",
	"interval": "2s"
	}
	}
	{
	"data_dir": "/tmp/consul",
	"start_join": ["10.101.16.66"],
	"log_level": "warn"
	}
	{
	"service": {
	"name": "service",
	"tags": [
	"web"
	],
	"port": 8000
	}
	}
	{
	"ca_file": "/opt/consul.d/ssl/ca.cert",
	"cert_file": "/opt/consul.d/ssl/consul.cert",
	"key_file": "/opt/consul.d/ssl/consul.key",
	"verify_incoming": true,
	"verify_outgoing": true
	}