From bdc2a608264eea53238c73987beafdadf0fe60bb Mon Sep 17 00:00:00 2001 From: Aapo Talvensaari Date: Fri, 16 Feb 2024 14:07:15 +0200 Subject: [PATCH] chore(conf): enable grpc_ssl_conf_command too (#12548) ### Summary The #12420 by @Water-Melon forgot to add `grpc_ssl_conf_command`. This commit adds that. Signed-off-by: Aapo Talvensaari (cherry picked from commit 84cb1be01d8e9a241e8a2b3afd6d55bb184e605b) --- kong/conf_loader/parse.lua | 1 + kong/templates/kong_defaults.lua | 1 + kong/templates/nginx_kong.lua | 1 + 3 files changed, 3 insertions(+) diff --git a/kong/conf_loader/parse.lua b/kong/conf_loader/parse.lua index bcdb9f0ff466..a4775b2f6709 100644 --- a/kong/conf_loader/parse.lua +++ b/kong/conf_loader/parse.lua @@ -438,6 +438,7 @@ local function check_and_parse(conf, opts) "nginx_http_ssl_conf_command", "nginx_http_proxy_ssl_conf_command", "nginx_http_lua_ssl_conf_command", + "nginx_http_grpc_ssl_conf_command", "nginx_stream_ssl_conf_command", "nginx_stream_proxy_ssl_conf_command", "nginx_stream_lua_ssl_conf_command"}) do diff --git a/kong/templates/kong_defaults.lua b/kong/templates/kong_defaults.lua index 5c3931f95927..ef78afcdfe52 100644 --- a/kong/templates/kong_defaults.lua +++ b/kong/templates/kong_defaults.lua @@ -94,6 +94,7 @@ nginx_http_ssl_session_timeout = NONE nginx_http_ssl_conf_command = NONE nginx_http_proxy_ssl_conf_command = NONE nginx_http_lua_ssl_conf_command = NONE +nginx_http_grpc_ssl_conf_command = NONE nginx_http_lua_regex_match_limit = 100000 nginx_http_lua_regex_cache_max_entries = 8192 nginx_http_keepalive_requests = 10000 diff --git a/kong/templates/nginx_kong.lua b/kong/templates/nginx_kong.lua index 8cd97849c0e6..07526a54a967 100644 --- a/kong/templates/nginx_kong.lua +++ b/kong/templates/nginx_kong.lua @@ -28,6 +28,7 @@ underscores_in_headers on; lua_ssl_conf_command CipherString DEFAULT:@SECLEVEL=0; proxy_ssl_conf_command CipherString DEFAULT:@SECLEVEL=0; ssl_conf_command CipherString DEFAULT:@SECLEVEL=0; +grpc_ssl_conf_command CipherString DEFAULT:@SECLEVEL=0; > end > if ssl_ciphers then ssl_ciphers ${{SSL_CIPHERS}};