DevFW-CICD/ingress-nginx-helm
16
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Use new proxyssl.Config field in nginx template

Browse source
This commit is contained in:
Julio Camarero 2024-12-06 16:05:20 +01:00
parent 7e70470f18
commit 59851d6fdc
No known key found for this signature in database
GPG key ID: 13D4414ED5D08C25
1 changed files with 20 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

24
rootfs/etc/nginx/template/nginx.tmpl
View file

@ -912,9 +912,14 @@ stream {
{{ end }} {{ end }}
{{ end }} {{ end }}
{{ if not (empty $server.ProxySSL.CAFileName) }} {{ if or (not (empty $server.ProxySSL.ProxySSLCA.CAFileName)) (not (empty $server.ProxySSL.CAFileName)) }}
{{ if not (empty $server.ProxySSL.ProxySSLCA.CAFileName) }}
# PEM sha: {{ $server.ProxySSL.ProxySSLCA.CASHA }}
proxy_ssl_trusted_certificate {{ $server.ProxySSL.ProxySSLCA.CAFileName }};
{{ else if not (empty $server.ProxySSL.CAFileName) }}
# PEM sha: {{ $server.ProxySSL.CASHA }} # PEM sha: {{ $server.ProxySSL.CASHA }}
proxy_ssl_trusted_certificate {{ $server.ProxySSL.CAFileName }}; proxy_ssl_trusted_certificate {{ $server.ProxySSL.CAFileName }};
{{ end }}
proxy_ssl_ciphers {{ $server.ProxySSL.Ciphers }}; proxy_ssl_ciphers {{ $server.ProxySSL.Ciphers }};
proxy_ssl_protocols {{ $server.ProxySSL.Protocols }}; proxy_ssl_protocols {{ $server.ProxySSL.Protocols }};
proxy_ssl_verify {{ $server.ProxySSL.Verify }}; proxy_ssl_verify {{ $server.ProxySSL.Verify }};
@ -925,7 +930,10 @@ stream {
{{ end }} {{ end }}
{{ end }} {{ end }}
{{ if not (empty $server.ProxySSL.PemFileName) }} {{ if not (empty $server.ProxySSL.ProxySSLClientCert.PemFileName) }}
proxy_ssl_certificate {{ $server.ProxySSL.ProxySSLClientCert.PemFileName }};
proxy_ssl_certificate_key {{ $server.ProxySSL.ProxySSLClientCert.PemFileName }};
{{ else if not (empty $server.ProxySSL.PemFileName) }}
proxy_ssl_certificate {{ $server.ProxySSL.PemFileName }}; proxy_ssl_certificate {{ $server.ProxySSL.PemFileName }};
proxy_ssl_certificate_key {{ $server.ProxySSL.PemFileName }}; proxy_ssl_certificate_key {{ $server.ProxySSL.PemFileName }};
{{ end }} {{ end }}
@ -1386,9 +1394,14 @@ stream {
# Location denied. Reason: {{ $location.Denied | quote }} # Location denied. Reason: {{ $location.Denied | quote }}
return 503; return 503;
{{ end }} {{ end }}
{{ if not (empty $location.ProxySSL.CAFileName) }} {{ if or (not (empty $location.ProxySSL.ProxySSLCA.CAFileName)) (not (empty $location.ProxySSL.CAFileName)) }}
{{ if not (empty $location.ProxySSL.ProxySSLCA.CAFileName) }}
# PEM sha: {{ $location.ProxySSL.ProxySSLCA.CASHA }}
proxy_ssl_trusted_certificate {{ $location.ProxySSL.ProxySSLCA.CAFileName }};
{{ else if not (empty $location.ProxySSL.CAFileName) }}
# PEM sha: {{ $location.ProxySSL.CASHA }} # PEM sha: {{ $location.ProxySSL.CASHA }}
proxy_ssl_trusted_certificate {{ $location.ProxySSL.CAFileName }}; proxy_ssl_trusted_certificate {{ $location.ProxySSL.CAFileName }};
{{ end }}
proxy_ssl_ciphers {{ $location.ProxySSL.Ciphers }}; proxy_ssl_ciphers {{ $location.ProxySSL.Ciphers }};
proxy_ssl_protocols {{ $location.ProxySSL.Protocols }}; proxy_ssl_protocols {{ $location.ProxySSL.Protocols }};
proxy_ssl_verify {{ $location.ProxySSL.Verify }}; proxy_ssl_verify {{ $location.ProxySSL.Verify }};
@ -1402,7 +1415,10 @@ stream {
proxy_ssl_server_name {{ $location.ProxySSL.ProxySSLServerName }}; proxy_ssl_server_name {{ $location.ProxySSL.ProxySSLServerName }};
{{ end }} {{ end }}
{{ if not (empty $location.ProxySSL.PemFileName) }} {{ if not (empty $location.ProxySSL.ProxySSLClientCert.PemFileName) }}
proxy_ssl_certificate {{ $location.ProxySSL.ProxySSLClientCert.PemFileName }};
proxy_ssl_certificate_key {{ $location.ProxySSL.ProxySSLClientCert.PemFileName }};
{{ else if not (empty $location.ProxySSL.PemFileName) }}
proxy_ssl_certificate {{ $location.ProxySSL.PemFileName }}; proxy_ssl_certificate {{ $location.ProxySSL.PemFileName }};
proxy_ssl_certificate_key {{ $location.ProxySSL.PemFileName }}; proxy_ssl_certificate_key {{ $location.ProxySSL.PemFileName }};
{{ end }} {{ end }}