Make optional redirect to SSL
This commit is contained in:
parent
102c056b67
commit
5663c725be
2 changed files with 6 additions and 5 deletions
|
@ -120,6 +120,9 @@ Please follow [test.sh](https://github.com/bprashanth/Ingress/blob/master/exampl
|
||||||
|
|
||||||
Check the [example](examples/tls/README.md)
|
Check the [example](examples/tls/README.md)
|
||||||
|
|
||||||
|
### Force HTTPS
|
||||||
|
|
||||||
|
By default the controller redirects (301) to HTTPS if there is a TLS Ingress rule. To disable this behavior use `use-hts=false` in the NGINX ConfigMap.
|
||||||
|
|
||||||
|
|
||||||
#### Optimizing TLS Time To First Byte (TTTFB)
|
#### Optimizing TLS Time To First Byte (TTTFB)
|
||||||
|
|
|
@ -80,10 +80,6 @@ http {
|
||||||
'' $scheme;
|
'' $scheme;
|
||||||
}
|
}
|
||||||
|
|
||||||
map $pass_access_scheme $sts {
|
|
||||||
'https' 'max-age={{ $cfg.htsMaxAge }}{{ if $cfg.htsIncludeSubdomains }}; includeSubDomains{{ end }}; preload';
|
|
||||||
}
|
|
||||||
|
|
||||||
# Map a response error watching the header Content-Type
|
# Map a response error watching the header Content-Type
|
||||||
map $http_accept $httpAccept {
|
map $http_accept $httpAccept {
|
||||||
default html;
|
default html;
|
||||||
|
@ -163,10 +159,12 @@ http {
|
||||||
|
|
||||||
server_name {{ $server.Name }};
|
server_name {{ $server.Name }};
|
||||||
|
|
||||||
{{ if $server.SSL }}
|
{{ if (and $server.SSL $cfg.UseHTS) }}
|
||||||
if ($scheme = http) {
|
if ($scheme = http) {
|
||||||
return 301 https://$host$request_uri;
|
return 301 https://$host$request_uri;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
more_set_headers "Strict-Transport-Security: max-age={{ $cfg.htsMaxAge }}{{ if $cfg.htsIncludeSubdomains }}; includeSubDomains{{ end }}; preload";
|
||||||
{{ end }}
|
{{ end }}
|
||||||
|
|
||||||
{{ range $location := $server.Locations }}
|
{{ range $location := $server.Locations }}
|
||||||
|
|
Loading…
Reference in a new issue