Merge pull request #4689 from janosi/upstream_ssl

Server-only authentication of backends and per-location SSL config
Kubernetes Prow Robot 2019-11-18 19:49:43 -08:00 committed by GitHub
commit 62518b60b4
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 23 additions and 2 deletions


@ -818,8 +818,6 @@ stream {
{{ if not (empty $server.ProxySSL.CAFileName) }}
# PEM sha: {{ $server.ProxySSL.CASHA }}
proxy_ssl_certificate {{ $server.ProxySSL.CAFileName }};
proxy_ssl_certificate_key {{ $server.ProxySSL.CAFileName }};
proxy_ssl_trusted_certificate {{ $server.ProxySSL.CAFileName }};
proxy_ssl_ciphers {{ $server.ProxySSL.Ciphers }};
proxy_ssl_protocols {{ $server.ProxySSL.Protocols }};
@ -827,6 +825,11 @@ stream {
proxy_ssl_verify_depth {{ $server.ProxySSL.VerifyDepth }};
{{ end }}
{{ if not (empty $server.ProxySSL.PemFileName) }}
proxy_ssl_certificate {{ $server.ProxySSL.PemFileName }};
proxy_ssl_certificate_key {{ $server.ProxySSL.PemFileName }};
{{ end }}
{{ if not (empty $server.SSLCiphers) }}
ssl_ciphers {{ $server.SSLCiphers }};
{{ end }}
@ -1287,6 +1290,19 @@ stream {
# Location denied. Reason: {{ $location.Denied | quote }}
return 503;
{{ end }}
{{ if not (empty $location.ProxySSL.CAFileName) }}
# PEM sha: {{ $location.ProxySSL.CASHA }}
proxy_ssl_trusted_certificate {{ $location.ProxySSL.CAFileName }};
proxy_ssl_ciphers {{ $location.ProxySSL.Ciphers }};
proxy_ssl_protocols {{ $location.ProxySSL.Protocols }};
proxy_ssl_verify {{ $location.ProxySSL.Verify }};
proxy_ssl_verify_depth {{ $location.ProxySSL.VerifyDepth }};
{{ end }}
{{ if not (empty $location.ProxySSL.PemFileName) }}
proxy_ssl_certificate {{ $location.ProxySSL.PemFileName }};
proxy_ssl_certificate_key {{ $location.ProxySSL.PemFileName }};
{{ end }}
}
{{ end }}
{{ end }}
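Review bot: In the new location-level block, `proxy_ssl_verify` is rendered straight from `$location.ProxySSL.Verify` and no `proxy_ssl_name` appears in the visible lines, so a configured CA file does not by itself mean the backend is authenticated. nginx checks the chain only when the value renders as `on`, and it compares the certificate name with `proxy_ssl_name`, which defaults to the host in `proxy_pass`; if that host is an internal upstream name rather than the name in the backend's certificate (not visible here), verification would fail and operators would be tempted to leave it off. I would add a comment above the directive, `# verification is active only when this renders "on"; the name checked is proxy_ssl_name (default: proxy_pass host)`, and consider rendering `proxy_ssl_name <expected-backend-name>;` (placeholder value) from configuration. The same applies to the server-level block in the second hunk, whose verify line falls outside the visible context. The enclosing location block starts outside this hunk.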