Add SSL directive to nginx block

grafana · Feb 21, 2024 · ad63ded · ad63ded
1 parent 20c4f98
commit ad63ded
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 11 deletions.
diff --git a/production/helm/loki/templates/_helpers.tpl b/production/helm/loki/templates/_helpers.tpl
@@ -704,20 +704,17 @@ http {
   {{- end }}
 
   server {
-    listen              443 ssl;
-    ssl_certificate     /var/tls/tls.crt;
-    ssl_certificate_key /var/tls/tls.key;
-    ssl_protocols       TLSv1.2 TLSv1.3;
-    server_name loki-memberlist;
-    ssl_ciphers         HIGH:!aNULL:!MD5;
-    ssl_client_certificate /var/client-tls/tls.crt;
-    ssl_verify_client   on;
-    ssl_trusted_certificate /var/root-tls/tls.crt;
-
+    {{- if (.Values.gateway.nginxConfig.ssl) }}
     listen             8080 ssl;
     {{- if .Values.gateway.nginxConfig.enableIPv6 }}
     listen             [::]:8080 ssl;
     {{- end }}
+    {{- else }}
+    listen             8080 ssl;
+    {{- if .Values.gateway.nginxConfig.enableIPv6 }}
+    listen             [::]:8080 ssl;
+    {{- end }}
+    {{- end }}
 
     {{- if .Values.gateway.basicAuth.enabled }}
     auth_basic           "Loki";
@@ -781,7 +778,7 @@ http {
     {{- $queryFrontendUrl = $readUrl }}
     {{- $indexGatewayUrl = $backendUrl }}
     {{- $rulerUrl = $backendUrl }}
-    {{- end -}}-}}
+    {{- end -}}
 
     # Distributor
     location = /api/prom/push {

diff --git a/production/helm/loki/values.yaml b/production/helm/loki/values.yaml
@@ -2360,6 +2360,8 @@ gateway:
     # -- Allows appending custom configuration to the http block, passed through the `tpl` function to allow templating
     httpSnippet: >-
       {{ if .Values.loki.tenants }}proxy_set_header X-Scope-OrgID $remote_user;{{ end }}
+    # -- Whether ssl should be appended to the listen directive of the server block or not.
+    ssl: false
     # -- Override Read URL
     customReadUrl: null
     # -- Override Write URL