author | Sylvain Desbureaux <sylvain.desbureaux@orange.com> | 2021-02-25 18:13:19 +0100 |
---|---|---|
committer | Sylvain Desbureaux <sylvain.desbureaux@orange.com> | 2021-03-20 19:41:45 +0000 |
commit | 554bc6b6d540810be1fd2c4fa1117719c21527de (patch) | |
tree | e8e503ed7c29217a5bd4951a222681f3d64d8c00 /kubernetes/vnfsdk/resources/nginx | |
parent | fde94076e689727e8a2c3c5147ce1242dc225f87 (diff) |
[VNFSDK] Automatically retrieve certificates
Instead of using hardcoded certificates, let's use certInitializer in
order to retrieve them.
Issue-ID: OOM-2696
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I6ed12dda660647cd0990c34f51e6c05ed533774a
Diffstat (limited to 'kubernetes/vnfsdk/resources/nginx')
-rw-r--r-- | kubernetes/vnfsdk/resources/nginx/nginx.conf | 63 |
1 files changed, 63 insertions, 0 deletions
diff --git a/kubernetes/vnfsdk/resources/nginx/nginx.conf b/kubernetes/vnfsdk/resources/nginx/nginx.conf
new file mode 100644
index 0000000000..d26cc5d813
--- /dev/null
+++ b/kubernetes/vnfsdk/resources/nginx/nginx.conf
@@ -0,0 +1,63 @@
+# Copyright 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+daemon off;
+
+#pid /run/nginx.pid;
+
+events {
+ worker_connections 500;
+ # multi_accept on;
+}
+http {
+
+ ##
+ # Basic Settings
+ ##
+
+ sendfile on;
+ tcp_nopush on;
+ tcp_nodelay on;
+ keepalive_timeout 65;
+ types_hash_max_size 2048;
+
+ #Comment or disable the access_log once tested to avoid runtime logs
+# access_log /var/log/nginx/access.log format gzip;
+ access_log off;
+ error_log /var/log/nginx/error.log;
+
+ server {
+ listen *:8703 ssl;
+ server_name
+ ssl on;
+ ssl_certificate {{ .Values.certInitializer.credsPath }}/certs/cert.pem;
+ ssl_certificate_key {{ .Values.certInitializer.credsPath }}/certs/cert.key;
+ ssl_session_cache builtin:1000 shared:SSL:80m;
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;
+ ssl_prefer_server_ciphers on;
+ ssl_session_timeout 10m;
+ keepalive_timeout 70;
+
+ location / {
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_pass http://localhost:8702;
+ proxy_read_timeout 90;
+ proxy_redirect off;
+ }
+ }
+}
\ No newline at end of file |
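Review bot: The `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` line in the new server block still offers TLS 1.0 and 1.1, and the `ssl_ciphers` string keeps `DH+3DES`, so a client can negotiate a deprecated protocol or a 64-bit-block cipher even though the certificate now comes from certInitializer. I would narrow these to `ssl_protocols TLSv1.2;` (adding `TLSv1.3` if the image's nginx/OpenSSL build supports it) and drop `DH+3DES` from the cipher list. Separately, `server_name` appears to have no value or terminating `;` as shown, so nginx would read the following `ssl on;` as its arguments; since `listen *:8703 ssl;` already enables TLS, either give `server_name` a value or remove both lines.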