This is an automated email from the ASF dual-hosted git repository. cbickel pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/incubator-openwhisk.git
The following commit(s) were added to refs/heads/master by this push: new 22c0807 Assure nginx verifies downstream ssl certs. (#3658) 22c0807 is described below commit 22c0807b9eae20af9acc70b91a1943dd35a95092 Author: Vadim Raskin <raskinva...@gmail.com> AuthorDate: Wed May 16 13:00:16 2018 +0200 Assure nginx verifies downstream ssl certs. (#3658)
---
 ansible/roles/nginx/templates/nginx.conf.j2 | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/ansible/roles/nginx/templates/nginx.conf.j2 b/ansible/roles/nginx/templates/nginx.conf.j2
index 61ea6fb..a86593f 100644
--- a/ansible/roles/nginx/templates/nginx.conf.j2
+++ b/ansible/roles/nginx/templates/nginx.conf.j2
@@ -26,6 +26,8 @@ http {
 {% if controller.protocol == 'https' %}
 proxy_ssl_session_reuse on;
 proxy_ssl_name {{ controller.ssl.cn }};
+ proxy_ssl_verify on;
+ proxy_ssl_trusted_certificate /etc/nginx/{{ controller.ssl.cert }};
 proxy_ssl_protocols TLSv1.1 TLSv1.2;
 proxy_ssl_certificate /etc/nginx/{{ controller.ssl.cert }};
 proxy_ssl_certificate_key /etc/nginx/{{ controller.ssl.key }};
@@ -90,7 +92,6 @@ http {
 ssl_protocols TLSv1.2;
 ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256;
 ssl_prefer_server_ciphers on;
- proxy_ssl_verify off;
 proxy_ssl_session_reuse on;
 # proxy to the web action path
-- To stop receiving notification emails like this one, please contact cbic...@apache.org.
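Review bot: The added `proxy_ssl_trusted_certificate /etc/nginx/{{ controller.ssl.cert }};` in the first hunk names the same file as the `proxy_ssl_certificate` client certificate two lines below it, so the trust anchor for the controller is nginx's own client certificate file rather than a CA bundle. That presumably verifies only when the controller presents that same self-signed certificate, or when the file also carries the issuing CA; a separate template variable for the CA file would decouple trust from the client identity, e.g. `proxy_ssl_trusted_certificate /etc/nginx/{{ CA_BUNDLE_VAR }};`, where CA_BUNDLE_VAR is a placeholder for whatever name the role adopts. If the chain includes intermediates, `proxy_ssl_verify_depth` (default 1) has to be raised as well. A comment above the two new lines, such as `# verify the controller certificate; the name checked is proxy_ssl_name`, would record that the check depends on `controller.ssl.cn` matching the certificate. The enclosing `http {` block starts and ends outside the hunk.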