Michael Pleshakov
Michael Pleshakov
as a workaround in the Ingress controller, you can create an Ingress resource for which NGINX will create a virtual server that will listen on a custom port. For example:...
@luispollo we don't support Ingress resources without hosts. It might be the case that you're using a different Ingress Controller https://github.com/kubernetes/ingress-nginx Could you possible double check?
There is a workaround that uses server snippet [annotation](https://docs.nginx.com/nginx-ingress-controller/configuration/ingress-resources/advanced-configuration-with-annotations/#snippets-and-custom-templates): ```yaml apiVersion: extensions/v1beta1 kind: Ingress metadata: name: cafe-ingress annotations: kubernetes.io/ingress.class: "nginx" nginx.org/server-snippets: "server_name ~^.*$;" spec: tls: - hosts: - cafe.example.com secretName:...
Hi @svvac This was tagged as a proposal because from our point of view it is an enhancement rather than a bug. This wasn't included into the initial VirtualServer implementation...
> So if I understand correctly, there is currently no way to use the wildcard certificate of the ingress in VirtualServers other than duplicating it? that is correct. One other...
Hi @muradmomani > Is there any security hardening document suggested from your side as that supported by CIS Benchmark that is suitable for the ingress controller! or any other way...
Hi @timdeluxe I think your knowledge could be helpful for the community. However, this seems like a specialized topic, so not sure if it makes sense to put that in...
the PR introduces a breaking change -- `controller.defaultTLS.cert` and `controller.defaultTLS.key` are removed completely. Users might use them to configure the cert and key with non-default values. Is it necessary to...
Hi @siavashsoleymani Could you try to use `nginx.org/redirect-to-https` annotation? https://docs.nginx.com/nginx-ingress-controller/configuration/ingress-resources/advanced-configuration-with-annotations/#auth-and-ssl-tls If that annotation is used, NGINX will have a TLS redirect based on X-Forwarded-Proto header (it must be `https` for...
@siavashsoleymani it is possible to change the template here -- https://github.com/nginxinc/kubernetes-ingress/blob/v1.9.1/internal/configs/version1/nginx.ingress.tmpl#L154 to ``` proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; ``` So that in all generated config, the X-Forwarded-Proto is always forwarded to backends...