@@ -63,6 +63,7 @@ setting description
6363/deis/router/serverNameHashMaxSize nginx server_names_hash_max_size setting (default: 512)
6464/deis/router/serverNameHashBucketSize nginx server_names_hash_bucket_size (default: 64)
6565/deis/router/sslCert cluster-wide SSL certificate
66+ /deis/router/sslCiphers cluster-wide enabled SSL ciphers
6667/deis/router/sslKey cluster-wide SSL private key
6768/deis/router/workerProcesses nginx number of worker processes to start (default: auto i.e. available CPU cores)
6869/deis/router/proxyProtocol nginx PROXY protocol enabled
@@ -7,4 +7,8 @@ listen 443 ssl spdy{{ if exists "/deis/router/proxyProtocol" }} proxy_protocol{{
77ssl_certificate /etc/ssl/deis.cert;
88ssl_certificate_key /etc/ssl/deis.key;
99ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
10+ {{ if exists "/deis/router/sslCiphers" }}
11+ ssl_ciphers '{{ getv "/deis/router/sslCiphers" }}';
12+ ssl_prefer_server_ciphers on;
13+ {{ end }}
1014{{ end }}
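Review bot: The value of `/deis/router/sslCiphers` is written into `ssl_ciphers '…';` with no check at new lines 10-13, and the same applies to the per-app server block at new lines 187-190. `exists` is also true for a key that is set but empty, and an empty or malformed cipher string, or one containing a `'`, would render a configuration that nginx rejects; since the setting is cluster-wide, one bad write could affect every TLS listener, depending on how the router handles a failed reload. I would nest a second guard, `{{ if ne (getv "/deis/router/sslCiphers") "" }}`, inside the `exists` check, and confirm that the confd template resource runs a `check_cmd` such as `nginx -t` before the rendered file is put in place. The `{{ if }}` closed by the final `{{ end }}` opens outside this hunk.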
@@ -184,6 +184,10 @@ http {
184184 ssl_certificate /etc/ssl /deis/certs/{{ $app_domain }} .cert;
185185 ssl_certificate_key /etc/ssl /deis/keys/{{ $app_domain }} .key;
186186 ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
187+ {{ if exists "/deis/router/sslCiphers" }}
188+ ssl_ciphers '{{ getv "/deis/router/sslCiphers" }}' ;
189+ ssl_prefer_server_ciphers on;
190+ {{ end }}
187191 {{ /* if there's no app SSL cert but we have a router SSL cert, enable that instead */}}
188192 {{ /* TODO ( bacongobbler) : wait for https://github.com/kelseyhightower/confd/issues/270 */}}
189193 {{ /* so we can apply this config to just subdomains of the platform domain. */}}
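Review bot: The four lines added at new lines 187-190 repeat the block added to the 443 listener template, so the cipher policy is now written in two places that have to be kept in step. `ssl_ciphers` and `ssl_prefer_server_ciphers` are valid in nginx's `http` context and are inherited by every `server` block, so a cluster-wide setting could be emitted once directly under `http {` instead. That would also mean a server block added later cannot be left on nginx's default cipher list by omission. The server block these lines sit in starts and ends outside the hunk.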