Merge "[SDC] Update SDC docker versions to 1.10.1"

[oom.git] / kubernetes / aai / resources / config / haproxy / haproxy-pluggable-security.cfg

diff --git a/kubernetes/aai/resources/config/haproxy/haproxy-pluggable-security.cfg b/kubernetes/aai/resources/config/haproxy/haproxy-pluggable-security.cfg
index b05ffae..6e7acef 100644 (file)
--- a/kubernetes/aai/resources/config/haproxy/haproxy-pluggable-security.cfg
+++ b/kubernetes/aai/resources/config/haproxy/haproxy-pluggable-security.cfg
@@ -62,7 +62,7 @@ defaults
 
 frontend IST_8443
         mode http
-        bind 0.0.0.0:8443 name https ssl crt /etc/ssl/private/aai.pem
+        bind 0.0.0.0:8443 name https ssl crt /opt/app/osaaf/local/certs/fullchain.pem
 #       log-format %ci:%cp\ [%t]\ %ft\ %b/%s\ %Tq/%Tw/%Tc/%Tr/%Tt\ %ST\ %B\ %CC\ %CS\ %tsc\ %ac/%fc/%bc/%sc/%rc\ %sq/%bq\ %hr\ %hs\ {%[ssl_c_verify],%{+Q}[ssl_c_s_dn],%{+Q}[ssl_c_i_dn]}\ %{+Q}r
         log-format "%ci:%cp [%tr] %ft %b/%s %TR/%Tw/%Tc/%Tr/%Ta %ST %B %CC \ %CS %tsc %ac/%fc/%bc/%sc/%rc %sq/%bq %hr %hs %{+Q}r"
         option httplog
@@ -88,6 +88,15 @@ frontend IST_8443
         http-request set-header X-AAI-SSL-Client-ST             %{+Q}[ssl_c_s_dn(ST)]
         http-request set-header X-AAI-SSL-Client-C              %{+Q}[ssl_c_s_dn(C)]
         http-request set-header X-AAI-SSL-Client-O              %{+Q}[ssl_c_s_dn(O)]
+#######################################
+## Request blocking configuration ###
+#######################################
+        {{- if eq $.Values.haproxy.requestBlocking.enabled true }}
+        {{- range $custom_config := $.Values.haproxy.requestBlocking.customConfigs }}
+        {{ $custom_config }}
+        {{- end }}
+        {{- end }}
+
         reqadd X-Forwarded-Proto:\ https
         reqadd X-Forwarded-Port:\ 8443
 
@@ -106,7 +115,7 @@ frontend IST_8443
 
 
 #######################
-#DEFAULT BACKEND 847###
+#DEFAULT BACKEND 8447##
 #######################
 
 backend IST_Default_8447