Set NoTLSRedirectLocations to "/.well-known/acme-challenge/" by default

2018-03-18 10:46:02 +01:00 · 2018-03-18 10:46:02 +01:00 · c4727f8c95
commit c4727f8c95
parent b727e1aeb4
2 changed files with 8 additions and 1 deletions
--- a/docs/user-guide/configmap.md
+++ b/docs/user-guide/configmap.md
@ -132,6 +132,7 @@ The following table shows a configuration option's name, type, and the default v
 |[http-redirect-code](#http-redirect-code)|int|308|
 |[proxy-buffering](#proxy-buffering)|string|"off"|
 |[limit-req-status-code](#limit-req-status-code)|int|503|
+|[no-tls-redirect-locations](#no-tls-redirect-locations)|string|"/.well-known/acme-challenge/"|

 ## add-headers

@ -725,3 +726,8 @@ Enables or disables [buffering of responses from the proxied server](http://ngin
 ## limit-req-status-code

 Sets the [status code to return in response to rejected requests](http://nginx.org/en/docs/http/ngx_http_limit_req_module.html#limit_req_status).Default: 503
+
+## no-tls-redirect-locations
+
+A comma-separated list of locations on which http requests will never get redirected to their https counterpart.
+Default: "/.well-known/acme-challenge/"
--- a/internal/ingress/controller/config/config.go
+++ b/internal/ingress/controller/config/config.go
@ -487,7 +487,7 @@ type Configuration struct {
 	// SyslogPort port
 	SyslogPort int `json:"syslog-port",omitempty`

-	// NoTLSRedirectLocations is a comma-seperated list of locations
+	// NoTLSRedirectLocations is a comma-separated list of locations
 	// that should not get redirected to TLS
 	NoTLSRedirectLocations string `json:"no-tls-redirect-locations"`
 }
@ -586,6 +586,7 @@ func NewDefault() Configuration {
 		JaegerSamplerParam:           "1",
 		LimitReqStatusCode:           503,
 		SyslogPort:                   514,
+		NoTLSRedirectLocations:       "/.well-known/acme-challenge/",
 	}

 	if glog.V(5) {