Diffstat (limited to 'kubernetes/sdc/components/sdc-be/resources/config/start.d/ssl.ini')
-rw-r--r-- | kubernetes/sdc/components/sdc-be/resources/config/start.d/ssl.ini | 100 |
1 files changed, 100 insertions, 0 deletions
diff --git a/kubernetes/sdc/components/sdc-be/resources/config/start.d/ssl.ini b/kubernetes/sdc/components/sdc-be/resources/config/start.d/ssl.ini
new file mode 100644
index 0000000000..43941594de
--- /dev/null
+++ b/kubernetes/sdc/components/sdc-be/resources/config/start.d/ssl.ini
@@ -0,0 +1,100 @@
+# ---------------------------------------
+# Module: ssl
+--module=ssl
+
+### TLS(SSL) Connector Configuration
+
+## Connector host/address to bind to
+# jetty.ssl.host=0.0.0.0
+
+## Connector port to listen on
+jetty.ssl.port={{ .Values.jetty.httpsPort }}
+
+## Connector idle timeout in milliseconds
+# jetty.ssl.idleTimeout=30000
+
+## Connector socket linger time in seconds (-1 to disable)
+# jetty.ssl.soLingerTime=-1
+
+## Number of acceptors (-1 picks default based on number of cores)
+# jetty.ssl.acceptors=-1
+
+## Number of selectors (-1 picks default based on number of cores)
+# jetty.ssl.selectors=-1
+
+## ServerSocketChannel backlog (0 picks platform default)
+# jetty.ssl.acceptorQueueSize=0
+
+## Thread priority delta to give to acceptor threads
+# jetty.ssl.acceptorPriorityDelta=0
+
+## Whether request host names are checked to match any SNI names
+# jetty.ssl.sniHostCheck=true
+
+## max age in seconds for a Strict-Transport-Security response header (default -1)
+# jetty.ssl.stsMaxAgeSeconds=31536000
+
+## include subdomain property in any Strict-Transport-Security header (default false)
+# jetty.ssl.stsIncludeSubdomains=true
+
+### SslContextFactory Configuration
+## Note that OBF passwords are not secure, just protected from casual observation
+## See http://www.eclipse.org/jetty/documentation/current/configuring-security-secure-passwords.html
+
+## Keystore file path (relative to $jetty.base)
+{{- if .Values.jetty.keystorePath }}
+jetty.sslContext.keyStorePath={{ .Values.jetty.keystorePath }}
+{{- end }}
+
+## Truststore file path (relative to $jetty.base)
+{{- if .Values.jetty.truststorePath }}
+i
+jetty.sslContext.trustStorePath={{ .Values.jetty.truststorePath }}
+{{- end }}
+
+## Keystore password
+{{- if .Values.jetty.keystorePassword }}
+jetty.sslContext.keyStorePassword={{ .Values.jetty.keystorePassword }}
+{{- end }}
+
+## Keystore type and provider
+# jetty.sslContext.keyStoreType=JKS
+# jetty.sslContext.keyStoreProvider=
+
+## KeyManager password
+{{- if .Values.jetty.keystorePassword }}
+jetty.sslContext.keyManagerPassword={{ .Values.jetty.keystorePassword }}
+{{- end }}
+
+## Truststore password
+# tp{{ .Values.jetty.truststorePassword }}end
+# kp{{ .Values.jetty.keystorePassword }}end
+{{- if .Values.jetty.truststorePassword }}
+jetty.sslContext.trustStorePassword={{ .Values.jetty.truststorePassword }}
+{{- end }}
+
+## Truststore type and provider
+# jetty.sslContext.trustStoreType=JKS
+# jetty.sslContext.trustStoreProvider=
+
+## whether client certificate authentication is required
+jetty.sslContext.needClientAuth={{ .Values.jetty.truststorePassword | quote | default "false" | not | toString }}
+
+## Whether client certificate authentication is desired
+# jetty.sslContext.wantClientAuth=false
+
+## Whether cipher order is significant (since java 8 only)
+# jetty.sslContext.useCipherSuitesOrder=true
+
+## To configure Includes / Excludes for Cipher Suites or Protocols see tweak-ssl.xml example at
+## https://www.eclipse.org/jetty/documentation/current/configuring-ssl.html#configuring-sslcontextfactory-cipherSuites
+
+## Set the size of the SslSession cache
+# jetty.sslContext.sslSessionCacheSize=-1
+
+## Set the timeout (in seconds) of the SslSession cache timeout
+# jetty.sslContext.sslSessionTimeout=-1
+
+## Allow SSL renegotiation
+# jetty.sslContext.renegotiationAllowed=true
+# jetty.sslContext.renegotiationLimit=5 |
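Review bot: The `jetty.sslContext.needClientAuth` line near the end of the file appears to render `false` for every input, because `quote` followed by `default "false"` always hands `not` a non-empty string; client-certificate authentication is then never required, even when a truststore is configured. If the intent is to require client certificates whenever a truststore password is supplied, an explicit conditional is easier to verify, e.g. `jetty.sslContext.needClientAuth={{ if .Values.jetty.truststorePassword }}true{{ else }}false{{ end }}`. The comment lines `# tp{{ .Values.jetty.truststorePassword }}end` and `# kp{{ .Values.jetty.keystorePassword }}end` look like debugging leftovers that write both passwords into the rendered file a second time and should be removed, as should the stray `i` line inside the `truststorePath` block, which would end up in the rendered ini as a bare token. The keystore and truststore passwords are also rendered in clear text; if this template is mounted from a ConfigMap (not visible in this hunk), it would be safer to deliver it through a Secret or a similarly restricted mount.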