DevFW-CICD/ingress-nginx-helm
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Complete documentation about SSL Passthrough

Browse source
This commit is contained in:
Antoine Cotten 2018-09-10 19:29:11 +02:00
parent 0a9db37e0f
commit a99f56dcbe
No known key found for this signature in database
GPG key ID: 94637E68D4A79DD0
2 changed files with 26 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

15
docs/user-guide/nginx-configuration/annotations.md
View file

@ -379,14 +379,17 @@ This annotation allows you to modify the status code used for permanent redirect
### SSL Passthrough
The annotation `nginx.ingress.kubernetes.io/ssl-passthrough` allows to configure TLS termination in the pod and not in NGINX.
The annotation `nginx.ingress.kubernetes.io/ssl-passthrough` instructs the controller to send TLS connections directly
to the backend instead of letting NGINX decrypt the communication. See also [TLS/HTTPS](../tls/#ssl-passthrough) in
the User guide.
!!! note
SSL Passthrough is **disabled by default** and requires starting the controller with the
[`--enable-ssl-passthrough`](../cli-arguments/) flag.
!!! attention
Using the annotation `nginx.ingress.kubernetes.io/ssl-passthrough` invalidates all the other available annotations.
This is because SSL Passthrough works on level 4 of the OSI stack (TCP), not on the HTTP/HTTPS level.
!!! attention
The use of this annotation requires the flag `--enable-ssl-passthrough` (By default it is disabled).
Because SSL Passthrough works on layer 4 of the OSI model (TCP) and not on the layer 7 (HTTP), using SSL Passthrough
invalidates all the other annotations set on an Ingress object.
### Secure backends DEPRECATED (since 0.18.0)