Add proxy_ssl_* directives

Add support for backends which require client certificate (e.g. NiFi)
authentication. The `proxy-ssl-secret` k8s annotation references a
secret which is used to authenticate to the backend server. All other
directives fine-tune the backend communication.

The following annotations are supported:
* proxy-ssl-secret
* proxy-ssl-ciphers
* proxy-ssl-protocol
* proxy-ssl-verify
* proxy-ssl-verify-depth
Gabor Lekeny 2019-07-17 02:23:32 +02:00
parent 589c9a20f9
commit def13fc06c
8 changed files with 476 additions and 0 deletions


@ -864,6 +864,17 @@ stream {
{{ end }}
{{ end }}
{{ if not (empty $server.ProxySSL.CAFileName) }}
# PEM sha: {{ $server.ProxySSL.PemSHA }}
proxy_ssl_certificate {{ $server.ProxySSL.CAFileName }};
proxy_ssl_certificate_key {{ $server.ProxySSL.CAFileName }};
proxy_ssl_trusted_certificate {{ $server.ProxySSL.CAFileName }};
proxy_ssl_ciphers {{ $server.ProxySSL.Ciphers }};
proxy_ssl_protocols {{ $server.ProxySSL.Protocols }};
proxy_ssl_verify {{ $server.ProxySSL.Verify }};
proxy_ssl_verify_depth {{ $server.ProxySSL.VerifyDepth }};
{{ end }}
{{ if not (empty $server.SSLCiphers) }}
ssl_ciphers {{ $server.SSLCiphers }};
{{ end }}
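
Review bot: Inside the `{{ if not (empty $server.ProxySSL.CAFileName) }}` block, `proxy_ssl_ciphers`, `proxy_ssl_protocols`, `proxy_ssl_verify` and `proxy_ssl_verify_depth` are rendered unconditionally, so an unset annotation would yield a directive with an empty value (for example `proxy_ssl_verify ;`) unless defaults are filled in elsewhere, which this hunk does not show. Guard each one with `if not (empty ...)` as the neighbouring `ssl_ciphers` block does, or note where the defaults come from. Separately, `proxy_ssl_certificate`, `proxy_ssl_certificate_key` and `proxy_ssl_trusted_certificate` all read the same `CAFileName`, so the client private key and the CA bundle used to verify the backend share one PEM file; a template comment stating that layout, or a field name that is not CA-specific, would make this clearer. Since nginx defaults `proxy_ssl_verify` to `off`, the documentation should also state that the client certificate is presented to an unverified backend unless the annotation turns verification on.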