DevFW-CICD/ingress-nginx-helm
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Deploy GitHub Pages

Browse source
This commit is contained in:
Travis Bot 2018-12-18 21:16:16 +00:00
parent d75367b4e8
commit 4de80b6e8c
15 changed files with 296 additions and 399 deletions
Download patch file Download diff file Expand all files Collapse all files

9
examples/auth/client-certs/index.html
View file

@ -1150,6 +1150,15 @@ Before getting started you must have the following Certificates Setup:</p>
<li>Server Certificate(Signed by CA) and Key (CN should be equal the hostname you will use)</li>
<li>Client Certificate(Signed by CA) and Key</li>
</ol>
<p>For more details on the generation process, checkout the Prerequisite <a href="../../PREREQUISITES/">docs</a>.</p>
<p>You can have as many certificates as you want. If they're in the binary DER format, you can convert them as the following:
<div class="codehilite"><pre><span></span>$ openssl x509 -in certificate.der -inform der -out certificate.crt -outform pem
</pre></div>
Then, you can concatenate them all in only one file, named 'ca.crt' as the following:
<div class="codehilite"><pre><span></span>$ cat certificate1.crt certificate2.crt certificate3.crt &gt;&gt; ca.crt
</pre></div></p>
<p><strong>Note:</strong> Make sure that the Key Size is greater than 1024 and Hashing Algorithm(Digest) is something better than md5
for each certificate generated. Otherwise you will receive an error.</p>
<h2 id="creating-certificate-secrets">Creating Certificate Secrets<a class="headerlink" href="#creating-certificate-secrets" title="Permanent link">&para;</a></h2>
<p>There are many different ways of configuring your secrets to enable Client-Certificate
Authentication to work properly.</p>

10
examples/auth/oauth-external-auth/index.html
View file

@ -1198,11 +1198,11 @@ authenticate against the first Ingress's endpoint, and can redirect <code class=
same endpoint.</p>
<p>Sample:</p>
<div class="codehilite"><pre><span></span><span class="nn">...</span>
<span class="l l-Scalar l-Scalar-Plain">metadata</span><span class="p p-Indicator">:</span>
<span class="l l-Scalar l-Scalar-Plain">name</span><span class="p p-Indicator">:</span> <span class="l l-Scalar l-Scalar-Plain">application</span>
<span class="l l-Scalar l-Scalar-Plain">annotations</span><span class="p p-Indicator">:</span>
<span class="l l-Scalar l-Scalar-Plain">nginx.ingress.kubernetes.io/auth-url</span><span class="p p-Indicator">:</span> <span class="s">&quot;https://$host/oauth2/auth&quot;</span>
<span class="l l-Scalar l-Scalar-Plain">nginx.ingress.kubernetes.io/auth-signin</span><span class="p p-Indicator">:</span> <span class="s">&quot;https://$host/oauth2/start?rd=$escaped_request_uri&quot;</span>
<span class="nt">metadata</span><span class="p">:</span>
<span class="nt">name</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">application</span>
<span class="nt">annotations</span><span class="p">:</span>
<span class="nt">nginx.ingress.kubernetes.io/auth-url</span><span class="p">:</span> <span class="s">&quot;https://$host/oauth2/auth&quot;</span>
<span class="nt">nginx.ingress.kubernetes.io/auth-signin</span><span class="p">:</span> <span class="s">&quot;https://$host/oauth2/start?rd=$escaped_request_uri&quot;</span>
<span class="nn">...</span>
</pre></div>