-
Notifications
You must be signed in to change notification settings - Fork 8.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
allow specifying custom dh param #402
Conversation
Thanks for your pull request. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA). 📝 Please follow instructions at https://github.com/kubernetes/kubernetes/wiki/CLA-FAQ to sign the CLA. Once you've signed, please reply here (e.g. "I signed it!") and we'll verify. Thanks.
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
I signed it! |
Coverage decreased (-0.4%) to 45.915% when pulling f41e8fd06d83155e987c0f7f4d8f5ce34072967c on glerchundi:master into fedf342 on kubernetes:master. |
I already tested it empirically and seems to works, I pushed an image with this change in case you wanted to test yourself: Create the dh containing secret:
And the configmap with the actual secret pointer:
Enough. /cc @aledbf |
added an example, rebased and squashed to one commit |
This is nice, indeed I've tested the also the dhparam and got this error, but forgot to check. Just a question, is it interesting to generate a default-dh-param also, as there is a default-ssl-certificate? This could give us to a 'more secure' default backend, but does not need to be present (it's optional). |
@rikatz the difference here is that we need to share the dh param if you are running multiple instances. |
/lgtm |
@aledbf yeap, but DH Param may be served for each vhost also. My doubt is that if we couldn't create this also for the default backends :) But this is good for me now, we can improve this later :) |
@glerchundi thanks! |
fixes #162