helm icon indicating copy to clipboard operation
helm copied to clipboard
verified publisher icon nextcloud

Feature: Allow configuring SSL for the default NGINX config file

Open filipdutescu opened this issue 9 months ago • 3 comments

Description of the change

Allow setting properties in the values.yaml for NGINX which update the default configuration to use SSL.

Benefits

This will make it easier to setup SSL on the NGINX instance, as currently the only option is to copy the filled-in config file from the config map and adding the necessary settings, then disabling the default file and pasting it in the custom one.

The example configuration from NGINX I think should be enough for most use cases. This change will make it easy to setup mTLS inside the cluster without needing a server mesh or other such systems.

Possible drawbacks

Added complexity to the default file and values.yaml, but it should be decent to manage.

Additional information

See how Grafana's Loki does it for their NGINX gateway as an example of the values.yaml properties.

filipdutescu avatar Mar 08 '25 10:03 filipdutescu

I understand the idea of mTLS, but would it be better to use direct an servicemesh like linkerd or istio to get mTLS between the pods.

wrenix avatar Mar 10 '25 21:03 wrenix

Those solutions lead to an increase in resource consumption and they are too heavy to get only for the benefit of mTLS.

filipdutescu avatar Mar 10 '25 21:03 filipdutescu

I also run an environment where I don't have one already deployed so I am trying to avoid doing it only for Nextcloud.

filipdutescu avatar Mar 10 '25 21:03 filipdutescu