Skip to content
GitLab
Projects
Groups
Snippets
/
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
Menu
🚀
This server has been upgraded to GitLab release
15.7
.
🚀
Open sidebar
helm-charts
Shibboleth SP
Helm Chart
Commits
ff01b5a6
Commit
ff01b5a6
authored
Mar 23, 2021
by
Sandro Mathys
Browse files
add ssl backend capabilities
parent
3fc82618
Changes
4
Hide whitespace changes
Inline
Side-by-side
chart/templates/configmap-apache.yaml
View file @
ff01b5a6
...
...
@@ -52,6 +52,7 @@ metadata:
{{
- include "shibboleth-sp.frontend.labels" . | nindent 4
}}
data
:
000-basics.conf
:
|
# These modules are essential
# LoadModule log_config_module modules/mod_log_config.so # built-in
# LoadModule unixd_module modules/mod_unixd.so # built-in
LoadModule authn_core_module modules/mod_authn_core.so
...
...
@@ -60,6 +61,10 @@ data:
LoadModule mpm_event_module modules/mod_mpm_event.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
{{
- if .Values.frontend.apache.enableSSL
}}
001-ssl.conf
:
|
LoadModule ssl_module modules/mod_ssl.so
{{
- end
}}
010-shibboleth.conf
:
|
LoadModule mod_shib modules/mod_shib.so
...
...
@@ -92,15 +97,19 @@ data:
CustomLog "/dev/stdout" custom
ErrorLog "/dev/stderr"
ProxyPreserveHost "{{ .Values.frontend.apache.proxyPreserveHost | default "off" }}"
{{- if .Values.frontend.apache.enableSSL }}
SSLProxyEngine "on"
{{- end }}
<VirtualHost _default_:8080>
UseCanonicalName
O
n
UseCanonicalName
o
n
ServerName https://{{ tpl .Values.global.domainName . }}
ServerAlias https://*.{{ tpl .Values.global.domainName . }}
ServerAlias http://{{ tpl .Values.global.domainName . }}
ServerAlias http://*.{{ tpl .Values.global.domainName . }}
ProxyPreserveHost On
ProxyPass "/" "{{ .Values.frontend.apache.remoteURL }}"
ProxyPassReverse "/" "{{ .Values.frontend.apache.remoteURL }}"
...
...
chart/templates/cronjob.yaml
View file @
ff01b5a6
...
...
@@ -32,6 +32,6 @@ spec:
# replace secret with new sealer keys
kubectl create secret generic {{ include "shibboleth-sp.sealerKeys.secretName" . }} --from-file=/dev/shm/sealer.keys --dry-run=client -o yaml | kubectl replace --save-config -f-
# restart all pods in deployment in order to pick up new secret
kubectl rollout restart {{ include "shibboleth-sp.fullname" . }}
kubectl rollout restart
deploy
{{ include "shibboleth-sp.fullname" . }}
restartPolicy
:
OnFailure
{{
- end -
}}
chart/values.yaml
View file @
ff01b5a6
...
...
@@ -233,9 +233,13 @@ frontend:
extraModulesConfig
:
"
"
extraSitesConfig
:
"
"
# enable SSL/TLS, i.e. load mod_ssl and enable SSLProxyEngine
enableSSL
:
false
# Settings for the actual apache/proxy config.
# They are not used if `sitesConfigMap` is specified above.
logLevel
:
"
"
# default: "warn"
logFormat
:
"
"
# default: "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\""
remoteURL
:
"
"
# must be absolute (i.e. starting with http:// or https://)
logLevel
:
"
"
# default: "warn"
logFormat
:
"
"
# default: "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\""
proxyPreserveHost
:
"
"
# default: "off"
remoteURL
:
"
"
# must be absolute (i.e. starting with http:// or https://)
accessRules
:
"
"
ci/values.yaml
View file @
ff01b5a6
...
...
@@ -24,7 +24,9 @@ backend:
frontend
:
apache
:
remoteURL
:
https://www.switch.ch
enableSSL
:
true
remoteURL
:
"
https://os.zhdk.cloud.switch.ch/swift/v1/shibboleth-sp-helm-chart-demo-page/"
accessRules
:
|
Require shib-attr homeOrganization switch.ch
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment