Versions Compared

Old Version 2

changes.mady.by.user Ashhad Alam

Saved on

compared with

New Version Current

changes.mady.by.user Ashhad Alam

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

This page describes what all you need to do if you are using Nginx Ingress Controller as a front-end for Webapp Gateway.

...

  1. Run the following Kubectl command to copy the certificate to the PVC or shared storage volume for the Webapp Gateway pod.

    Code Block
    languagecss
    themeMidnight
    Kubectl --namespace <namepace_name> cp <local_path_for_SSL_certificate> <pod_name>:shared/truststore/<SSL_certificate_name>


  2. Navigate to the Microservice pod (Eg. Webrunner) by running the following command.

    Code Block
    languagecss
    themeMidnight
    Kubectl --namespace <namespace_name> exec -it <pod_name> -- sh


  3. Run the following Keytool command to import the certificate.

    Code Block
    languagecss
    themeMidnight
    keytool -import -trustcacerts -file <Path_of_SSL_Certificate> -alias <alias_name> -keystore <Path of cacerts file>

    Where,

              <Path_of_SSL_Certificate> is the path of SSL certificate.

              <Path of cacerts file> is the path of Truststore.

    For example,

    Code Block
    languagecss
    themeMidnight
    keytool -import -trustcacerts -file shared/truststore/ssl-certs.cer -alias adeptia -keystore shared/truststore/cacerts

    You'll be prompted to enter a password. Enter the default password changeit.

  4. Run the exit command to exit from the pod shell.
  5. Restart all the Microservices to bring the changes into effect.

...

  1. Open the ConfigMap of Nginx Ingress Controller in edit mode using the following command.

    Code Block
    languagecss
    themeMidnight
    Kubectl edit configmap <name of the Nginx Ingress Controller ConfigMap> -n <namespace in which Nginx Ingress Controller is deployed>


  2. Add the property, enable-underscores-in-headers, with its value as true, in the data section of the ConfigMap as shown in the example below.
  3. Save the ConfigMap, and restart the Nginx Ingress Controller deployment.

Handling large sized SAML response

When you use SAML for login, two cookies, "Access Token" and "SAML User Attributes", are created as a part of the SAML response. These cookies, if larger in size, can result in larger response (more than 8KB) which eventually may cause 502 Bad gateway error. To manage the size of the SAML response, follow the steps given below:

  1. Run the following command to open the ingress resource in edit mode.

    Code Block
    languagecss
    themeMidnight
    kubectl edit ingress <name of the ingress resource> -n <namespace where the ingress is deployed> 


  2. In the ingress resource, add the annotation nginx.ingress.kubernetes.io/proxy-buffer-size and provide a required value for it as highlighted in the image below.

    Image Added
  3. Save the file.
     

...

Related page

Configuring SSL in Microservicesmicroservices