Add port for plain HTTP to HTTPS redirection
This commit is contained in:
Manuel Alejandro de Brito Fontes
parent
5b8d4baf5c
commit
7da08be741
2 changed files with 30 additions and 29 deletions
|
|
@ -46,10 +46,6 @@ controller:
|
|||
|
||||
publishService:
|
||||
enabled: false
|
||||
|
||||
rbac:
|
||||
create: true
|
||||
|
||||
EOF
|
||||
|
||||
echo "${NAMESPACE_VAR}
|
||||
|
|
@ -62,10 +58,6 @@ controller:
|
|||
service:
|
||||
type: LoadBalancer
|
||||
externalTrafficPolicy: Local
|
||||
|
||||
rbac:
|
||||
create: true
|
||||
|
||||
EOF
|
||||
|
||||
echo "${NAMESPACE_VAR}
|
||||
|
|
@ -87,10 +79,6 @@ controller:
|
|||
# NGINX keep-alive is set to 75s. If using WebSockets, the value will need to be
|
||||
# increased to '3600' to avoid any potential issues.
|
||||
service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "60"
|
||||
|
||||
rbac:
|
||||
create: true
|
||||
|
||||
EOF
|
||||
|
||||
echo "${NAMESPACE_VAR}
|
||||
|
|
@ -107,9 +95,8 @@ controller:
|
|||
annotations:
|
||||
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http
|
||||
service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: 'true'
|
||||
service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "443"
|
||||
service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https"
|
||||
service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-west-2:XXXXXXXX:certificate/XXXXXX-XXXXXXX-XXXXXXX-XXXXXXXX"
|
||||
service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*"
|
||||
service.beta.kubernetes.io/aws-load-balancer-type: elb
|
||||
# Ensure the ELB idle timeout is less than nginx keep-alive timeout. By default,
|
||||
# NGINX keep-alive is set to 75s. If using WebSockets, the value will need to be
|
||||
|
|
@ -117,21 +104,27 @@ controller:
|
|||
service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "60"
|
||||
|
||||
targetPorts:
|
||||
http: http
|
||||
http: tohttps
|
||||
https: http
|
||||
tohttps: tohttps
|
||||
|
||||
# Configures the ports the nginx-controller listens on
|
||||
containerPort:
|
||||
http: 80
|
||||
https: 80
|
||||
tohttps: 2443
|
||||
|
||||
config:
|
||||
# Force 80 -> 443
|
||||
force-ssl-redirect: "true"
|
||||
# use-forwarded-headers: "true"
|
||||
|
||||
# Obtain IP ranges from AWS and configure the defaults
|
||||
# curl https://ip-ranges.amazonaws.com/ip-ranges.json | cat ip-ranges.json | jq -r '.prefixes[] .ip_prefix'| paste -sd "," -
|
||||
# proxy-real-ip-cidr: []
|
||||
|
||||
rbac:
|
||||
create: true
|
||||
|
||||
# DO NOT FORGET TO SET YOUR VPC CIDR
|
||||
proxy-real-ip-cidr: XXX.XXX.XXX/XX
|
||||
use-forwarded-headers: "true"
|
||||
http-snippet: |
|
||||
server {
|
||||
listen 2443;
|
||||
return 308 https://\$host\$request_uri;
|
||||
}
|
||||
EOF
|
||||
|
||||
echo "${NAMESPACE_VAR}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue