TLS.md: Move the TLS secret misc bit to the TLS document

2018-05-02 17:11:20 +03:00 · 2018-05-02 17:11:20 +03:00 · 451a01bb0a
commit 451a01bb0a
parent 52e730292e
2 changed files with 18 additions and 6 deletions
--- a/docs/user-guide/miscellaneous.md
+++ b/docs/user-guide/miscellaneous.md
@ -1,11 +1,5 @@
 # Miscellaneous
 ## Conventions
 Anytime we reference a tls secret, we mean (x509, pem encoded, RSA 2048, etc). You can generate such a certificate with:
 `openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout ${KEY_FILE} -out ${CERT_FILE} -subj "/CN=${HOST}/O=${HOST}"`
 and create the secret via `kubectl create secret tls ${CERT_NAME} --key ${KEY_FILE} --cert ${CERT_FILE}`
 ## Requirements
 The default backend is a service which handles all url paths and hosts the nginx controller doesn't understand (i.e., all the requests that are not mapped with an Ingress).
--- a/docs/user-guide/tls.md
+++ b/docs/user-guide/tls.md
@ -9,6 +9,24 @@
 - [Default TLS Version and Ciphers](#default-tls-version-and-ciphers)
 - [Legacy TLS](#legacy-tls)
 ## TLS Secrets
 Anytime we reference a TLS secret, we mean a PEM-encoded X.509, RSA (2048) secret.
 You can generate a self-signed certificate and private key with with:
 ```bash
 $ openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout ${KEY_FILE} -out ${CERT_FILE} -subj "/CN=${HOST}/O=${HOST}"`
 ```
 Then create the secret in the cluster via:
 ```bash
 kubectl create secret tls ${CERT_NAME} --key ${KEY_FILE} --cert ${CERT_FILE}
 ```
 The resulting secret will be of type `kubernetes.io/tls`.
 ## Default SSL Certificate
 NGINX provides the option to configure a server as a catch-all with [server_name](http://nginx.org/en/docs/http/server_names.html) for requests that do not match any of the configured server names. This configuration works without issues for HTTP traffic.