Add HTTPS default backend
This commit is contained in:
parent
ba964cdcda
commit
8f4efb4e3d
2 changed files with 11 additions and 0 deletions
|
@ -9,6 +9,7 @@ This is a nginx Ingress controller that uses [ConfigMap](https://github.com/kube
|
|||
* [Deployment](#deployment)
|
||||
* [HTTP](#http)
|
||||
* [HTTPS](#https)
|
||||
* [Default SSL Certificate](#default-ssl-certificate)
|
||||
* [HTTPS enforcement](#server-side-https-enforcement)
|
||||
* [HSTS](#http-strict-transport-security)
|
||||
* [TCP Services](#exposing-tcp-services)
|
||||
|
@ -133,6 +134,13 @@ Please follow [test.sh](https://github.com/bprashanth/Ingress/blob/master/exampl
|
|||
|
||||
Check the [example](examples/tls/README.md)
|
||||
|
||||
### Default SSL Certificate
|
||||
|
||||
NGINX provides the option [default_server](http://nginx.org/en/docs/http/server_names.html) to allow a catch-all server in case of request with a not configured server name. This configuration works without issues for HTTP traffic.
|
||||
In case of HTTPS NGINX requires a certificate. For this reason the Ingress controller provides the flag `--default-ssl-certificate`. The secret behind this flag contains the default certificate to be used in the mentioned case.
|
||||
If this flag is not provided NGINX will reject the request with the HTTP code 444.
|
||||
|
||||
|
||||
### Server-side HTTPS enforcement
|
||||
|
||||
By default the controller redirects (301) to HTTPS if TLS is enabled for that ingress . If you want to disable that behaviour globally, you can use `ssl-redirect: "false"` in the NGINX config map.
|
||||
|
|
|
@ -85,6 +85,9 @@ var (
|
|||
This can be used as a guide to create a custom configuration.`)
|
||||
|
||||
profiling = flags.Bool("profiling", true, `Enable profiling via web interface host:port/debug/pprof/`)
|
||||
|
||||
defSSLCertificate = flags.String("default-ssl-certificate", "", `Name of the secret that contains a SSL
|
||||
certificate to be used as default for a HTTPS catch-all server`)
|
||||
)
|
||||
|
||||
func main() {
|
||||
|
|
Loading…
Reference in a new issue