Week 8

Amy Ma
Jul 26, 2021


Used TLS termination on the Nginx controller, configured Nginx to pass all encrypted traffic directly to the backend web server. The traffic remains encrypted between all backend web servers.

  • Created HTTPS HAProxy controller with dynamic IP address (TLS configuration) for basic ingress route eclwatch, configured an FQDN (Fully Qualified Domain Name) for the controller IP, which the application is accessible over. Cert-manager is used to automatically generate and configure Let’s Encrypt certificates.
  • Configured HAProxy controller with static public IP address for basic ingress route eclwatch, using the cert-manager project to generate and encrypt TLS certificates. Then, applications are accessible over the external IP address.

Use HTTP application routing with HAProxy to route HTTP and HTTPS traffic to different hosts. This allows for easy setup of multiple domains on one host machine, where each domain maps to a different port on that host. HAProxy can route based on any information found in the HTTP request, including portions of the URL path, query string, and HTTP headers.

Tested HAProxy rewrite annotations, SSL redirect annotation on ConfigMap for encrypting the communication in route for HPCC components by using HTTPS, placing HAProxy in front of servers and configuring it to reroute users from HTTP to HTTPS automatically. HAProxy,

ingress.kubernetes.io/ssl-redirect: "true"

Configured self-signed certificate for HPCC with HAProxy, deploying the HAProxy ingress controller in an Azure Kubernetes Service (AKS) cluster. Generated TLS certificates with OpenSSL, and created a Kubernetes secret for use with the ingress route.
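
How the pieces described above fit together for the eclwatch route, as an added example that is not taken from the original post or from the HPCC project. The host name, secret name, service name, port, ingress class value and the placement of the redirect annotation on the Ingress are all assumptions; only the `ingress.kubernetes.io/ssl-redirect` key comes from the post.

```yaml
# TLS secret built from the OpenSSL-generated certificate and key.
# The type and the tls.crt / tls.key key names are what Kubernetes expects;
# the PEM bodies below are placeholders, not real material.
apiVersion: v1
kind: Secret
metadata:
  name: eclwatch-tls                  # assumed secret name
type: kubernetes.io/tls
stringData:
  tls.crt: |
    <PEM certificate; its subjectAltName must cover eclwatch.example.com>
  tls.key: |
    <PEM private key; keep it out of version control>
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: eclwatch                      # assumed Ingress name
  annotations:
    kubernetes.io/ingress.class: haproxy        # assumed class watched by the HAProxy controller
    ingress.kubernetes.io/ssl-redirect: "true"  # key from the post: redirect HTTP to HTTPS
spec:
  tls:
    - hosts:
        - eclwatch.example.com        # assumed FQDN pointing at the controller IP
      secretName: eclwatch-tls        # must match the Secret above, in the same namespace
  rules:
    - host: eclwatch.example.com      # host-based routing: one rule per domain
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: eclwatch        # assumed backend service name
                port:
                  number: 8010        # assumed backend service port
```

With a self-signed certificate, clients reject the connection unless they are given the certificate to trust, so this setup suits test clusters; the cert-manager and Let's Encrypt variant from the list above replaces the hand-made Secret.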
