.

ingress-external-devices/firewall.yaml

@@ -30,18 +30,23 @@ metadata:
     cert-manager.io/cluster-issuer: letsencrypt
 
     nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
-    nginx.ingress.kubernetes.io/upstream-vhost: "firewall.undercloud.local"
+
+    # keep TLS/SNI to the upstream's internal cert name
     nginx.ingress.kubernetes.io/proxy-ssl-server-name: "true"
     nginx.ingress.kubernetes.io/proxy-ssl-name: "firewall.undercloud.local"
     nginx.ingress.kubernetes.io/proxy-ssl-verify: "false"
 
+    # rewrite redirects/cookies
     nginx.ingress.kubernetes.io/proxy-redirect-from: "https://firewall.undercloud.local:4444/"
-    nginx.ingress.kubernetes.io/proxy-redirect-to: "https://firewall-admin.apps.undercloud.dev/"
+    nginx.ingress.kubernetes.io/proxy-redirect-to:   "https://firewall-admin.apps.undercloud.dev/"
     nginx.ingress.kubernetes.io/proxy-cookie-domain: "firewall.undercloud.local firewall-admin.apps.undercloud.dev"
     nginx.ingress.kubernetes.io/proxy-cookie-path: "/ /"
 
+    nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
+    nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
+
     nginx.ingress.kubernetes.io/configuration-snippet: |
-      proxy_set_header Host firewall.undercloud.local;
+      proxy_set_header Host $host;
       proxy_set_header X-Forwarded-Host $host;
       proxy_set_header X-Forwarded-Proto https;
       proxy_set_header X-Forwarded-Port 443;