diff --git a/charts/tests/__snapshots__/helmunit_test.snap b/charts/tests/__snapshots__/helmunit_test.snap index 709d4065ce..391e579255 100755 --- a/charts/tests/__snapshots__/helmunit_test.snap +++ b/charts/tests/__snapshots__/helmunit_test.snap @@ -442,6 +442,8 @@ spec: - -ssl-dynamic-reload=true - -enable-telemetry-reporting=true - -weight-changes-dynamic-reload=false + + minReadySeconds: 0 /-/-/-/ # Source: nginx-ingress/templates/controller-ingress-class.yaml apiVersion: networking.k8s.io/v1 @@ -909,6 +911,8 @@ spec: - -ssl-dynamic-reload=true - -enable-telemetry-reporting=true - -weight-changes-dynamic-reload=false + + minReadySeconds: 0 /-/-/-/ # Source: nginx-ingress/templates/controller-ingress-class.yaml apiVersion: networking.k8s.io/v1 @@ -1446,6 +1450,8 @@ spec: - -weight-changes-dynamic-reload=false - -agent=true - -agent-instance-group=app-protect-waf-agentv2-nginx-ingress-controller + + minReadySeconds: 0 /-/-/-/ # Source: nginx-ingress/templates/controller-ingress-class.yaml apiVersion: networking.k8s.io/v1 @@ -1960,6 +1966,7 @@ spec: mountPath: /opt/app_protect/config - name: app-protect-bundles mountPath: /etc/app_protect/bundles + minReadySeconds: 0 /-/-/-/ # Source: nginx-ingress/templates/controller-ingress-class.yaml apiVersion: networking.k8s.io/v1 @@ -2542,6 +2549,7 @@ spec: mountPath: /opt/app_protect/config - name: app-protect-bundles mountPath: /etc/app_protect/bundles + minReadySeconds: 0 /-/-/-/ # Source: nginx-ingress/templates/controller-ingress-class.yaml apiVersion: networking.k8s.io/v1 @@ -2955,6 +2963,8 @@ spec: - -ssl-dynamic-reload=true - -enable-telemetry-reporting=true - -weight-changes-dynamic-reload=false + + minReadySeconds: 0 /-/-/-/ # Source: nginx-ingress/templates/controller-ingress-class.yaml apiVersion: networking.k8s.io/v1 @@ -3398,6 +3408,8 @@ spec: - -ssl-dynamic-reload=true - -enable-telemetry-reporting=true - -weight-changes-dynamic-reload=false + + minReadySeconds: 0 /-/-/-/ # Source: nginx-ingress/templates/controller-ingress-class.yaml apiVersion: networking.k8s.io/v1 @@ -3841,6 +3853,8 @@ spec: - -ssl-dynamic-reload=true - -enable-telemetry-reporting=true - -weight-changes-dynamic-reload=false + + minReadySeconds: 0 /-/-/-/ # Source: nginx-ingress/templates/controller-ingress-class.yaml apiVersion: networking.k8s.io/v1 @@ -4285,6 +4299,8 @@ spec: - -ssl-dynamic-reload=true - -enable-telemetry-reporting=true - -weight-changes-dynamic-reload=false + + minReadySeconds: 0 /-/-/-/ # Source: nginx-ingress/templates/controller-ingress-class.yaml apiVersion: networking.k8s.io/v1 @@ -4749,6 +4765,8 @@ spec: - -ssl-dynamic-reload=true - -enable-telemetry-reporting=true - -weight-changes-dynamic-reload=false + + minReadySeconds: 0 /-/-/-/ # Source: nginx-ingress/templates/controller-ingress-class.yaml apiVersion: networking.k8s.io/v1 @@ -5194,6 +5212,8 @@ spec: - -ssl-dynamic-reload=true - -enable-telemetry-reporting=true - -weight-changes-dynamic-reload=false + + minReadySeconds: 0 /-/-/-/ # Source: nginx-ingress/templates/controller-ingress-class.yaml apiVersion: networking.k8s.io/v1 @@ -6150,6 +6170,8 @@ spec: - -ssl-dynamic-reload=true - -enable-telemetry-reporting=true - -weight-changes-dynamic-reload=false + + minReadySeconds: 0 /-/-/-/ # Source: nginx-ingress/templates/controller-ingress-class.yaml apiVersion: networking.k8s.io/v1 @@ -6617,6 +6639,8 @@ spec: - -ssl-dynamic-reload=true - -enable-telemetry-reporting=true - -weight-changes-dynamic-reload=false + + minReadySeconds: 0 /-/-/-/ # Source: nginx-ingress/templates/controller-ingress-class.yaml apiVersion: networking.k8s.io/v1 @@ -7094,6 +7118,8 @@ spec: - -ssl-dynamic-reload=true - -enable-telemetry-reporting=true - -weight-changes-dynamic-reload=false + + minReadySeconds: 0 /-/-/-/ # Source: nginx-ingress/templates/controller-ingress-class.yaml apiVersion: networking.k8s.io/v1 @@ -7552,6 +7578,8 @@ spec: - -ssl-dynamic-reload=true - -enable-telemetry-reporting=true - -weight-changes-dynamic-reload=false + + minReadySeconds: 0 /-/-/-/ # Source: nginx-ingress/templates/controller-ingress-class.yaml apiVersion: networking.k8s.io/v1 @@ -8010,6 +8038,8 @@ spec: - -ssl-dynamic-reload=true - -enable-telemetry-reporting=true - -weight-changes-dynamic-reload=false + + minReadySeconds: 0 /-/-/-/ # Source: nginx-ingress/templates/controller-ingress-class.yaml apiVersion: networking.k8s.io/v1 @@ -8478,6 +8508,8 @@ spec: - -ssl-dynamic-reload=true - -enable-telemetry-reporting=true - -weight-changes-dynamic-reload=false + + minReadySeconds: 0 /-/-/-/ # Source: nginx-ingress/templates/controller-ingress-class.yaml apiVersion: networking.k8s.io/v1 diff --git a/internal/configs/version2/__snapshots__/templates_test.snap b/internal/configs/version2/__snapshots__/templates_test.snap index 166c030485..82557bf4ef 100644 --- a/internal/configs/version2/__snapshots__/templates_test.snap +++ b/internal/configs/version2/__snapshots__/templates_test.snap @@ -1116,6 +1116,8 @@ server { proxy_cache jwks_uri_cafe; proxy_cache_valid 200 12h; proxy_set_header Host idp.spec.example.com; + proxy_ssl_name idp.spec.example.com; + proxy_ssl_server_name on; set $idp_backend idp.spec.example.com; proxy_pass https://$idp_backend:443/spec-keys; } @@ -1126,6 +1128,8 @@ server { proxy_cache jwks_uri_cafe; proxy_cache_valid 200 12h; proxy_set_header Host idp.route.example.com; + proxy_ssl_name idp.route.example.com; + proxy_ssl_server_name on; set $idp_backend idp.route.example.com; proxy_pass http://$idp_backend:80/route-keys; } @@ -1236,6 +1240,8 @@ server { proxy_cache jwks_uri_cafe; proxy_cache_valid 200 12h; proxy_set_header Host idp.spec.example.com; + proxy_ssl_name idp.spec.example.com; + proxy_ssl_server_name on; set $idp_backend idp.spec.example.com; proxy_pass https://$idp_backend:443/spec-keys; } @@ -1246,6 +1252,8 @@ server { proxy_cache jwks_uri_cafe; proxy_cache_valid 200 12h; proxy_set_header Host idp.route.example.com; + proxy_ssl_name idp.route.example.com; + proxy_ssl_server_name on; set $idp_backend idp.route.example.com; proxy_pass http://$idp_backend:80/route-keys; } diff --git a/internal/configs/version2/nginx-plus.virtualserver.tmpl b/internal/configs/version2/nginx-plus.virtualserver.tmpl index dd08f53014..8a63b01681 100644 --- a/internal/configs/version2/nginx-plus.virtualserver.tmpl +++ b/internal/configs/version2/nginx-plus.virtualserver.tmpl @@ -238,6 +238,8 @@ server { {{- end }} {{- with .JwksURI }} proxy_set_header Host {{ .JwksHost }}; + proxy_ssl_name {{ .JwksHost }}; + proxy_ssl_server_name on; set $idp_backend {{ .JwksHost }}; proxy_pass {{ .JwksScheme}}://$idp_backend{{ if .JwksPort }}:{{ .JwksPort }}{{ end }}{{ .JwksPath }}; {{- end }}