nginx-gateway-fabric

TLS Passthrough for Listeners

Open mpstefan opened this issue 2 years ago • 2 comments

As a user of NKG, I want to enable TLS Passthrough for my application's endpoints, so that I can achieve end-to-end encryption for my incoming traffic, and so that I do not have to manage certificates at the Gateway.

### Tasks
- [x] Write nginx configuration and test it
- [x] Update nginx template to configure TLS Passthrough
- [x] Add dataplane configuration for TLS Passthrough
- [x] Add TLSRoutes to graph (can this be broken down further?)
- [x] Register TLSRoute controller
- [x] Update status of TLSRoute
- [x] Enable TLSRoute conformance tests
- [ ] Update compatibility documentation

### Acceptance
- When a Listener's GatewayTLSConfig's TLSModeType is set to "Passthrough", any TLS traffic handled by the listener is NOT terminated and is instead sent to the upstream.
- Compatibility documentation is updated.

mpstefan, May 26 '23 18:05

For discussion:

- Do we want to create an example for TLS passthrough, as it appears to be a common practice?

mpstefan, May 26 '23 18:05

[Image: Screen Shot 2023-09-11 at 9 45 44 AM]

This might help clarify which Route type to use with different TLS modes

kate-osborn, Sep 11 '23 15:09
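
The acceptance criterion above, expressed as Gateway API resources. This is an added example, not taken from the issue or from the project's own examples; the resource names, namespace, hostname, ports, GatewayClass name and API versions are assumptions that depend on the installed CRDs.

```yaml
# Constructed example: every name, hostname and port below is a placeholder.
apiVersion: gateway.networking.k8s.io/v1        # assumed; older CRD bundles serve v1beta1
kind: Gateway
metadata:
  name: passthrough-gateway
  namespace: default
spec:
  gatewayClassName: nginx                       # assumed GatewayClass name
  listeners:
  - name: tls-passthrough
    protocol: TLS                               # TLS, not HTTPS: the listener never sees HTTP
    port: 443
    hostname: app.example.com                   # matched against the SNI in the ClientHello
    tls:
      mode: Passthrough                         # no certificateRefs: the Gateway holds no key material
    allowedRoutes:
      namespaces:
        from: Same                              # only routes in the Gateway's namespace may attach
      kinds:
      - kind: TLSRoute                          # HTTPRoutes cannot attach to a passthrough listener
---
apiVersion: gateway.networking.k8s.io/v1alpha2  # assumed TLSRoute version
kind: TLSRoute
metadata:
  name: app-tls
  namespace: default
spec:
  parentRefs:
  - name: passthrough-gateway
    sectionName: tls-passthrough                # bind to the passthrough listener only
  hostnames:
  - app.example.com
  rules:
  - backendRefs:
    - name: app-backend                         # Service whose pods terminate TLS themselves
      port: 8443
```

Because the session is not terminated at the Gateway, routing can use only the SNI hostname, and HTTP-level controls (path matching, header filters, request logging) are unavailable on this listener. To confirm passthrough is in effect, check that the certificate a client receives is the one configured on the backend rather than one held by the Gateway.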