Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
Avoid redirecting ACME requests to https scheme (#660)
* Avoid redirecting ACME requests to https scheme
* Don't project empty tls pem files
  • Loading branch information
tamalsaha committed Dec 13, 2017
1 parent 99de0d3 commit 971cb86
Show file tree
Hide file tree
Showing 3 changed files with 7 additions and 3 deletions.
3 changes: 2 additions & 1 deletion hack/docker/voyager/templates/default-frontend.cfg
Expand Up @@ -24,7 +24,8 @@ frontend http-frontend

{{- if .SSLRedirect }}
acl is_proxy_https hdr(X-Forwarded-Proto) https
redirect scheme https code 301 if ! is_proxy_https
acl acme_req path_beg /.well-known/acme-challenge/
redirect scheme https code 301 if ! is_proxy_https ! acme_req
{{ end -}}

{{- if .ProxyBodySize -}}
Expand Down
3 changes: 2 additions & 1 deletion hack/docker/voyager/templates/http-frontend.cfg
Expand Up @@ -38,7 +38,8 @@ frontend {{ .FrontendName }}

{{- if and .SSLRedirect (eq .Port 80) }}
acl is_proxy_https hdr(X-Forwarded-Proto) https
redirect scheme https code 301 if ! is_proxy_https
acl acme_req path_beg /.well-known/acme-challenge/
redirect scheme https code 301 if ! is_proxy_https ! acme_req
{{ end -}}

{{- if .BasicAuth }}
Expand Down
4 changes: 3 additions & 1 deletion pkg/tlsmounter/certificate_crd.go
Expand Up @@ -158,6 +158,8 @@ func (c *Controller) projectCertificate(r *api.Certificate, projections map[stri
if err != nil {
return err
}
projections["tls/"+r.SecretName()+".pem"] = ioutilz.FileProjection{Mode: 0755, Data: certificateToPEMData(pemCrt, pemKey)}
if pemCrt != nil && pemKey != nil {
projections["tls/"+r.SecretName()+".pem"] = ioutilz.FileProjection{Mode: 0755, Data: certificateToPEMData(pemCrt, pemKey)}
}
return nil
}

0 comments on commit 971cb86

Please sign in to comment.