[POLICY] Migration of clamp to policy area

[oom.git] / kubernetes / policy / components / policy-clamp-fe / resources / config / default.conf

diff --git a/kubernetes/policy/components/policy-clamp-fe/resources/config/default.conf b/kubernetes/policy/components/policy-clamp-fe/resources/config/default.conf
new file mode 100644 (file)
index 0000000..4cab734
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-fe/resources/config/default.conf
@@ -0,0 +1,31 @@
+server {
+
+  listen 2443 default ssl;
+  ssl_protocols TLSv1.2;
+  {{ if .Values.global.aafEnabled }}
+  ssl_certificate {{.Values.certInitializer.credsPath}}/{{.Values.certInitializer.clamp_pem}};
+  ssl_certificate_key {{.Values.certInitializer.credsPath}}/{{.Values.certInitializer.clamp_key}};
+  {{ else }}
+  ssl_certificate /etc/ssl/clamp.pem;
+  ssl_certificate_key /etc/ssl/clamp.key;
+  {{ end }}
+
+  ssl_verify_client optional_no_ca;
+    location /restservices/clds/ {
+        proxy_pass https://policy-clamp-be:8443;
+        proxy_set_header X-SSL-Cert $ssl_client_escaped_cert;
+    }
+
+  location / {
+    root   /usr/share/nginx/html;
+    index  index.html index.htm;
+    try_files $uri $uri/ /index.html;
+  }
+
+  error_page   500 502 503 504  /50x.html;
+
+  location = /50x.html {
+    root   /usr/share/nginx/html;
+  }
+
+}