X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=kubernetes%2Faai%2Fresources%2Fconfig%2Fhaproxy%2Fhaproxy-pluggable-security.cfg;h=6e7acef17f56a2ec52783083730a05e29d7e1b85;hb=116dcb01068e8ab4e79642f2affd7e8a2952307e;hp=b05ffaeaf2bc665aec3709a5c0f8c87c4aa97a38;hpb=47eb4d2c38499bd60cdfb01010319ed5bf4ac45f;p=oom.git diff --git a/kubernetes/aai/resources/config/haproxy/haproxy-pluggable-security.cfg b/kubernetes/aai/resources/config/haproxy/haproxy-pluggable-security.cfg index b05ffaeaf2..6e7acef17f 100644 --- a/kubernetes/aai/resources/config/haproxy/haproxy-pluggable-security.cfg +++ b/kubernetes/aai/resources/config/haproxy/haproxy-pluggable-security.cfg @@ -62,7 +62,7 @@ defaults frontend IST_8443 mode http - bind 0.0.0.0:8443 name https ssl crt /etc/ssl/private/aai.pem + bind 0.0.0.0:8443 name https ssl crt /opt/app/osaaf/local/certs/fullchain.pem # log-format %ci:%cp\ [%t]\ %ft\ %b/%s\ %Tq/%Tw/%Tc/%Tr/%Tt\ %ST\ %B\ %CC\ %CS\ %tsc\ %ac/%fc/%bc/%sc/%rc\ %sq/%bq\ %hr\ %hs\ {%[ssl_c_verify],%{+Q}[ssl_c_s_dn],%{+Q}[ssl_c_i_dn]}\ %{+Q}r log-format "%ci:%cp [%tr] %ft %b/%s %TR/%Tw/%Tc/%Tr/%Ta %ST %B %CC \ %CS %tsc %ac/%fc/%bc/%sc/%rc %sq/%bq %hr %hs %{+Q}r" option httplog @@ -88,6 +88,15 @@ frontend IST_8443 http-request set-header X-AAI-SSL-Client-ST %{+Q}[ssl_c_s_dn(ST)] http-request set-header X-AAI-SSL-Client-C %{+Q}[ssl_c_s_dn(C)] http-request set-header X-AAI-SSL-Client-O %{+Q}[ssl_c_s_dn(O)] +####################################### +## Request blocking configuration ### +####################################### + {{- if eq $.Values.haproxy.requestBlocking.enabled true }} + {{- range $custom_config := $.Values.haproxy.requestBlocking.customConfigs }} + {{ $custom_config }} + {{- end }} + {{- end }} + reqadd X-Forwarded-Proto:\ https reqadd X-Forwarded-Port:\ 8443 @@ -106,7 +115,7 @@ frontend IST_8443 ####################### -#DEFAULT BACKEND 847### +#DEFAULT BACKEND 8447## ####################### backend IST_Default_8447