DevFW-CICD/ingress-nginx-helm
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add support for enabling ssl_ciphers per host (#2006)

Browse source 
* Add support for adding ssl_ciphers

* Add documentation
This commit is contained in:
Anish Ramasekar 2018-01-31 10:53:07 -06:00 committed by Manuel Alejandro de Brito Fontes
parent 8bdb5e42f2
commit d7ef6b3fc7
8 changed files with 131 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

11
docs/user-guide/annotations.md
View file

@ -59,6 +59,7 @@ The following annotations are supported:
|[nginx.ingress.kubernetes.io/upstream-vhost](#custom-nginx-upstream-vhost)|string|
|[nginx.ingress.kubernetes.io/whitelist-source-range](#whitelist-source-range)|CIDR|
|[nginx.ingress.kubernetes.io/proxy-buffering](#proxy-buffering)|string|
|[nginx.ingress.kubernetes.io/ssl-ciphers](#ssl-ciphers)|string|
**Note:** all the values must be a string. In case of booleans or number it must be quoted.
@ -419,3 +420,13 @@ To use custom values in an Ingress rule define these annotation:
```yaml
nginx.ingress.kubernetes.io/proxy-buffering: "on"
```
### SSL ciphers
Specifies the [enabled ciphers](http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_ciphers).
Using this annotation will set the `ssl_ciphers` directive at the server level. This configuration is active for all the paths in the host.
```yaml
nginx.ingress.kubernetes.io/ssl-ciphers: "ALL:!aNULL:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP"
```