| server { |
| |
| listen 2443 default ssl; |
| ssl_protocols TLSv1.2; |
| {{ if .Values.global.aafEnabled }} |
| ssl_certificate {{.Values.certInitializer.credsPath}}/{{.Values.certInitializer.clamp_pem}}; |
| ssl_certificate_key {{.Values.certInitializer.credsPath}}/{{.Values.certInitializer.clamp_key}}; |
| {{ else }} |
| ssl_certificate /etc/ssl/clamp.pem; |
| ssl_certificate_key /etc/ssl/clamp.key; |
| {{ end }} |
| |
| ssl_verify_client optional_no_ca; |
| location /restservices/clds/ { |
| proxy_pass https://policy-clamp-be:8443; |
| proxy_set_header X-SSL-Cert $ssl_client_escaped_cert; |
| } |
| |
| location / { |
| root /usr/share/nginx/html; |
| index index.html index.htm; |
| try_files $uri $uri/ /index.html; |
| } |
| |
| error_page 500 502 503 504 /50x.html; |
| |
| location = /50x.html { |
| root /usr/share/nginx/html; |
| } |
| |
| } |