Breadcrumbs

Restrict EJBCA Access to HTTPS (TLS)

For enhanced security, you can restrict EJBCA access by enforcing HTTPS (TLS) and disabling plain HTTP.

Below are example configurations to configure HTTPS-only access by updating the corresponding values.yaml file.

Using Ingress

Add the following configurations to the values.yaml:

YAML
# set services.proxyHttp.httpPort to empty value
services:
  proxyHttp:
    httpPort:

# enforce ssl-redirect at ingress
ingress:
  enabled: true
  annotations:
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
  # other mandatory configurations are omitted for brevity

Using LoadBalancer

Add the following configurations to the values.yaml:

YAML
# set nginx.service.httpPort to empty value
nginx:
  enabled: true
  service:
    type: LoadBalancer
    httpPort:
  # other mandatory configurations are omitted for brevity

# set services.proxyHttp.httpPort to empty value
services:
  proxyHttp:
    httpPort:


With these configurations, EJBCA access is restricted to only HTTPS.