diff --git a/examples/multi-tls/haproxy/README.md b/examples/multi-tls/haproxy/README.md
new file mode 100644
index 0000000000..402585f8a6
--- /dev/null
+++ b/examples/multi-tls/haproxy/README.md
@@ -0,0 +1,73 @@
+# HAProxy Multi TLS certificate termination
+
+This examples uses 2 different certificates to terminate SSL for 2 hostnames.
+
+## Prerequisites
+
+This document has the following prerequisites:
+
+* Deploy [HAProxy Ingress controller](/examples/deployment/haproxy), you should end up with controller, a sample web app and default TLS secret
+* Create [*two* secrets](/examples/PREREQUISITES.md#tls-certificates) named `foobar-ssl` with subject `'/CN=foo.bar'` and `barfoo-ssl` with subject `'/CN=bar.foo'`
+
+As mentioned in the deployment instructions, you MUST turn down any existing
+ingress controllers before running HAProxy Ingress.
+
+## Using a new TLS certificate
+
+Update ingress resource in order to add TLS termination to two hosts:
+
+```console
+$ kubectl replace -f ingress-multi-tls.yaml
+```
+
+Trying without host:
+
+```console
+$ curl -iL 10.129.51.55:30221
+HTTP/1.1 404 Not Found
+Date: Tue, 28 Mar 2017 07:32:34 GMT
+Content-Length: 21
+Content-Type: text/plain; charset=utf-8
+
+default backend - 404
+```
+
+Telling the controller we are `foo.bar` or `bar.foo`:
+
+```console
+$ curl -iL 10.129.51.55:36462 -H 'Host: foo.bar'
+HTTP/1.1 302 Found
+Cache-Control: no-cache
+Content-length: 0
+Location: https://foo.bar/
+Connection: close
+$ curl -iL 10.129.51.55:36462 -H 'Host: bar.foo'
+HTTP/1.1 302 Found
+Cache-Control: no-cache
+Content-length: 0
+Location: https://bar.foo/
+Connection: close
+^C
+```
+
+Note the `Location` header - this would redirect us to the correct server.
+
+Checking the certificate - change below `31578` to the TLS port:
+
+```console
+$ openssl s_client -connect 10.129.51.55:31578 -servername foo.bar
+...
+subject=/CN=foo.bar
+issuer=/CN=foo.bar
+---
+```
+
+... and `bar.foo` certificate:
+
+```console
+$ openssl s_client -connect 10.129.51.55:31578 -servername bar.foo
+...
+subject=/CN=bar.foo
+issuer=/CN=bar.foo
+---
+```
\ No newline at end of file
diff --git a/examples/multi-tls/haproxy/ingress-multi-tls.yaml b/examples/multi-tls/haproxy/ingress-multi-tls.yaml
new file mode 100644
index 0000000000..f97eb5eba4
--- /dev/null
+++ b/examples/multi-tls/haproxy/ingress-multi-tls.yaml
@@ -0,0 +1,27 @@
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+ name: app
+spec:
+ tls:
+ - hosts:
+ - foo.bar
+ secretName: foobar-ssl
+ - hosts:
+ - bar.foo
+ secretName: barfoo-ssl
+ rules:
+ - host: foo.bar
+ http:
+ paths:
+ - path: /
+ backend:
+ serviceName: back-svc1
+ servicePort: 8080
+ - host: bar.foo
+ http:
+ paths:
+ - path: /
+ backend:
+ serviceName: back-svc2
+ servicePort: 8080
diff --git a/examples/multi-tls/README.md b/examples/multi-tls/nginx/README.md
similarity index 100%
rename from examples/multi-tls/README.md
rename to examples/multi-tls/nginx/README.md
diff --git a/examples/multi-tls/multi-tls.yaml b/examples/multi-tls/nginx/multi-tls.yaml
similarity index 100%
rename from examples/multi-tls/multi-tls.yaml
rename to examples/multi-tls/nginx/multi-tls.yaml
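Review bot: In `examples/multi-tls/haproxy/ingress-multi-tls.yaml` the two `tls` entries reference `foobar-ssl` and `barfoo-ssl` by name only and `metadata` sets no namespace, so both secrets must already exist in the namespace the Ingress is applied to; the manifest does not say this. I would add a header comment along the lines of `# foobar-ssl and barfoo-ssl must exist in this Ingress's namespace; each certificate's CN/SAN must match the host listed beside it`. If a secret is missing or does not match its host, the controller presumably falls back to the default TLS secret named in the README's prerequisites instead of failing, which the HTTP redirect check alone would not reveal. It is also worth a one-line comment that `back-svc1` and `back-svc2` on port 8080 are expected to exist, since nothing visible in this commit creates them.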