DevFW-CICD/ingress-nginx-helm
12
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
1361 commits 4 branches 217 tags 166 MiB
Commit graph

16 commits

Author SHA1 Message Date
Manuel de Brito Fontes
14a02d128c Simplify handling of ssl certificates 2017-07-12 15:29:03 -04:00
Manuel de Brito Fontes
4ee2bdc302 Add support for SubjectAltName in SSL certificates 2017-06-20 19:47:06 -04:00
Fabian Ruff
8304feb497 ensure private key and certificate match 
Adding an ingress tls secret with a non matching certificate and private key break at least the nginx-controller permanently until the offending secret is deleted.

In that case nginx refuses to start/reload with an error like this:
```
Error: exit status 1
2017/06/13 12:16:53 [emerg] 51#51: SSL_CTX_use_PrivateKey_file("/ingress-controller/ssl/monsoon3-tls-baremetal-3-eu-de-1-cloud-sap.pem") failed (SSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch)
nginx: [emerg] SSL_CTX_use_PrivateKey_file("/ingress-controller/ssl/tls-baremetal-3-example-com.pem") failed (SSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch)
nginx: configuration file /tmp/nginx-cfg728491545 test failed
```
 2017-06-13 15:16:24 +02:00
Giancarlo Rubio
d9cf043552 Instrument nginx to expose metric "ssl certficate expiration time " 
Add a console warning message 10 days before the certificate expire
 2017-06-13 13:44:00 +02:00
chentao1596
37bdb3952e fix all go style mistakes about fmt.Errorf 2017-03-17 08:35:55 +08:00
Andreas Kohn
3dece0ab70
Avoid a nil-reference when the temporary file cannot be created 2017-03-14 13:52:38 +01:00
Gorka Lerchundi Osa
e1c1dfadc7 allow specifying custom dh param 
fixes #162
 2017-03-08 15:32:32 +01:00
Ricardo Pchevuzinske Katz
e107e2b87f Temporary PEM Files cleanup 2017-03-06 16:33:44 -03:00
Ricardo Pchevuzinske Katz
51235a38e8 Removes wrong secret enqueing and improve the Fake Cert generation 2017-03-06 16:29:33 -03:00
Ricardo Pchevuzinske Katz
6c1b45a663 Generates a Self signed certificate for default vhost if the secret doesn't exists 
Generates a Self signed certificate for default vhost if the secret doesn't exists

	modified:   core/pkg/ingress/controller/backend_ssl.go
	modified:   core/pkg/ingress/controller/controller.go
	modified:   core/pkg/net/ssl/ssl.go
 2017-03-06 09:21:08 -03:00
Ricardo Pchevuzinske Katz
02fbf00fcb Checks if the TLS secret contains a valid keypair structure, with 'CERTIFICATE' before the Private Key 2017-03-01 15:44:39 -03:00
Ricardo Pchevuzinske Katz
a342c0bce3 Adds correct support for TLS Muthual autentication and depth verification 
modified:   controllers/nginx/configuration.md
	modified:   controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl
	modified:   core/pkg/ingress/annotations/authtls/main.go
	modified:   core/pkg/ingress/controller/backend_ssl.go
	modified:   core/pkg/ingress/controller/controller.go
	modified:   core/pkg/ingress/controller/util_test.go
	modified:   core/pkg/ingress/resolver/main.go
	modified:   core/pkg/ingress/types.go
	modified:   core/pkg/net/ssl/ssl.go
	modified:   examples/PREREQUISITES.md
	new file:   examples/auth/client-certs/nginx/README.md
	new file:   examples/auth/client-certs/nginx/nginx-tls-auth.yaml
 2017-02-24 22:49:01 -03:00
Joao Morais
b7e8bde0e9 Fix panic if a tempfile cannot be created 2017-02-03 18:50:51 -02:00
Ricardo Pchevuzinske Katz
a930b29e41 Changes the SSL Temp file to something inside the same SSL Directory 2017-01-24 11:21:49 -02:00
Manuel de Brito Fontes
5a8e090736 Add Generic interface 2016-11-23 21:17:49 -03:00
Manuel de Brito Fontes
ed9a416b01 Split implementations from generic code 2016-11-23 21:17:49 -03:00