aboutsummaryrefslogtreecommitdiffstats
path: root/kubernetes/policy/components/policy-gui/resources/config/default.conf
diff options
context:
space:
mode:
Diffstat (limited to 'kubernetes/policy/components/policy-gui/resources/config/default.conf')
-rw-r--r--kubernetes/policy/components/policy-gui/resources/config/default.conf32
1 files changed, 32 insertions, 0 deletions
diff --git a/kubernetes/policy/components/policy-gui/resources/config/default.conf b/kubernetes/policy/components/policy-gui/resources/config/default.conf
new file mode 100644
index 0000000000..98417cd822
--- /dev/null
+++ b/kubernetes/policy/components/policy-gui/resources/config/default.conf
@@ -0,0 +1,32 @@
+server {
+
+ listen 2443 default ssl;
+ ssl_protocols TLSv1.2;
+ {{ if .Values.global.aafEnabled }}
+ ssl_certificate {{.Values.certInitializer.credsPath}}/{{.Values.certInitializer.clamp_pem}};
+ ssl_certificate_key {{.Values.certInitializer.credsPath}}/{{.Values.certInitializer.clamp_key}};
+ {{ else }}
+ ssl_certificate /etc/ssl/clamp.pem;
+ ssl_certificate_key /etc/ssl/clamp.key;
+ {{ end }}
+
+ ssl_verify_client optional_no_ca;
+ absolute_redirect off;
+
+ location / {
+ root /usr/share/nginx/html;
+ index index.html index.htm;
+ try_files $uri $uri/ =404;
+ }
+
+ location /clamp/restservices/clds/ {
+ proxy_pass https://policy-clamp-be:8443/restservices/clds/;
+ proxy_set_header X-SSL-Cert $ssl_client_escaped_cert;
+ }
+
+ location = /50x.html {
+ root /var/lib/nginx/html;
+ }
+ error_page 500 502 503 504 /50x.html;
+ error_log /var/log/nginx/error.log warn;
+}