DevFW-CICD/ingress-nginx-helm
15
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Make optional redirect to SSL

Browse source
This commit is contained in:
Manuel de Brito Fontes 2016-04-15 09:35:39 -03:00
parent 102c056b67
commit 5663c725be
2 changed files with 6 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
controllers/nginx/README.md
View file

@ -120,6 +120,9 @@ Please follow [test.sh](https://github.com/bprashanth/Ingress/blob/master/exampl
Check the [example](examples/tls/README.md)
### Force HTTPS
By default the controller redirects (301) to HTTPS if there is a TLS Ingress rule. To disable this behavior use `use-hts=false` in the NGINX ConfigMap.
#### Optimizing TLS Time To First Byte (TTTFB)

8
controllers/nginx/nginx.tmpl
View file

@ -80,10 +80,6 @@ http {
'' $scheme;
}
map $pass_access_scheme $sts {
'https' 'max-age={{ $cfg.htsMaxAge }}{{ if $cfg.htsIncludeSubdomains }}; includeSubDomains{{ end }}; preload';
}
# Map a response error watching the header Content-Type
map $http_accept $httpAccept {
default html;
@ -163,10 +159,12 @@ http {
server_name {{ $server.Name }};
{{ if $server.SSL }}
{{ if (and $server.SSL $cfg.UseHTS) }}
if ($scheme = http) {
return 301 https://$host$request_uri;
}
more_set_headers "Strict-Transport-Security: max-age={{ $cfg.htsMaxAge }}{{ if $cfg.htsIncludeSubdomains }}; includeSubDomains{{ end }}; preload";
{{ end }}
{{ range $location := $server.Locations }}