aboutsummaryrefslogtreecommitdiffstats
path: root/kubernetes/vnfsdk/resources/nginx
diff options
context:
space:
mode:
authorSylvain Desbureaux <sylvain.desbureaux@orange.com>2021-02-25 18:13:19 +0100
committerSylvain Desbureaux <sylvain.desbureaux@orange.com>2021-03-20 19:41:45 +0000
commit554bc6b6d540810be1fd2c4fa1117719c21527de (patch)
treee8e503ed7c29217a5bd4951a222681f3d64d8c00 /kubernetes/vnfsdk/resources/nginx
parentfde94076e689727e8a2c3c5147ce1242dc225f87 (diff)
[VNFSDK] Automatically retrieve certificates
Instead of using hardcoded certificates, let's use certInitializer in order to retrieve them. Issue-ID: OOM-2696 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I6ed12dda660647cd0990c34f51e6c05ed533774a
Diffstat (limited to 'kubernetes/vnfsdk/resources/nginx')
-rw-r--r--kubernetes/vnfsdk/resources/nginx/nginx.conf63
1 files changed, 63 insertions, 0 deletions
diff --git a/kubernetes/vnfsdk/resources/nginx/nginx.conf b/kubernetes/vnfsdk/resources/nginx/nginx.conf
new file mode 100644
index 0000000000..d26cc5d813
--- /dev/null
+++ b/kubernetes/vnfsdk/resources/nginx/nginx.conf
@@ -0,0 +1,63 @@
+# Copyright 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+daemon off;
+
+#pid /run/nginx.pid;
+
+events {
+ worker_connections 500;
+ # multi_accept on;
+}
+http {
+
+ ##
+ # Basic Settings
+ ##
+
+ sendfile on;
+ tcp_nopush on;
+ tcp_nodelay on;
+ keepalive_timeout 65;
+ types_hash_max_size 2048;
+
+ #Comment or disable the access_log once tested to avoid runtime logs
+# access_log /var/log/nginx/access.log format gzip;
+ access_log off;
+ error_log /var/log/nginx/error.log;
+
+ server {
+ listen *:8703 ssl;
+ server_name
+ ssl on;
+ ssl_certificate {{ .Values.certInitializer.credsPath }}/certs/cert.pem;
+ ssl_certificate_key {{ .Values.certInitializer.credsPath }}/certs/cert.key;
+ ssl_session_cache builtin:1000 shared:SSL:80m;
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;
+ ssl_prefer_server_ciphers on;
+ ssl_session_timeout 10m;
+ keepalive_timeout 70;
+
+ location / {
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_pass http://localhost:8702;
+ proxy_read_timeout 90;
+ proxy_redirect off;
+ }
+ }
+} \ No newline at end of file