Make optional redirect to SSL
This commit is contained in:
parent
102c056b67
commit
5663c725be
2 changed files with 6 additions and 5 deletions
|
@ -120,6 +120,9 @@ Please follow [test.sh](https://github.com/bprashanth/Ingress/blob/master/exampl
|
|||
|
||||
Check the [example](examples/tls/README.md)
|
||||
|
||||
### Force HTTPS
|
||||
|
||||
By default the controller redirects (301) to HTTPS if there is a TLS Ingress rule. To disable this behavior use `use-hts=false` in the NGINX ConfigMap.
|
||||
|
||||
|
||||
#### Optimizing TLS Time To First Byte (TTTFB)
|
||||
|
|
|
@ -80,10 +80,6 @@ http {
|
|||
'' $scheme;
|
||||
}
|
||||
|
||||
map $pass_access_scheme $sts {
|
||||
'https' 'max-age={{ $cfg.htsMaxAge }}{{ if $cfg.htsIncludeSubdomains }}; includeSubDomains{{ end }}; preload';
|
||||
}
|
||||
|
||||
# Map a response error watching the header Content-Type
|
||||
map $http_accept $httpAccept {
|
||||
default html;
|
||||
|
@ -163,10 +159,12 @@ http {
|
|||
|
||||
server_name {{ $server.Name }};
|
||||
|
||||
{{ if $server.SSL }}
|
||||
{{ if (and $server.SSL $cfg.UseHTS) }}
|
||||
if ($scheme = http) {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
|
||||
more_set_headers "Strict-Transport-Security: max-age={{ $cfg.htsMaxAge }}{{ if $cfg.htsIncludeSubdomains }}; includeSubDomains{{ end }}; preload";
|
||||
{{ end }}
|
||||
|
||||
{{ range $location := $server.Locations }}
|
||||
|
|
Loading…
Reference in a new issue