Version: 1.4.x

TLS

We recommend that you enable HTTPS on your deployment.

The recommended way of doing it is to enable SSL on either the ingress controller or the load balancer serving the ingress. Please refer to the documentation of your cloud provider / ingress controller.

You can also configure the Nginx reverse proxy in the chart to use SSL. To do so, you need a PEM-encoded private key file (privkey.pem) and a PEM-encoded certificate chain file (fullchain.pem). You can generate SSL certificates (for example using Let’s encrypt). Provide their content in a secret, which looks like the following:

apiVersion: "v1"
kind: "Secret"
metadata:
name: <your secret name>
type: "Opaque"
stringData:
privkey.pem: <content of the private key file>
fullchain.pem: <content of the certificate chain file>

Then specify the name of this secret in your override file:

nginx:
certificateSecret: "<your secret name>"

This will automatically be mounted in the correct place within the Nginx pod.