github.com/projectcontour/contour@v1.28.2/site/content/guides/tls.md

---
title: TLS support
layout: page
---

# TLS support

Contour supports HTTPS (TLS/SSL) ingress by integrating Envoy's SNI support.
Certificates must be provisioned and saved as Kubernetes Secrets, which are then passed to Envoy.
A common way to implement this is to use [JetStack's Cert Manager][3].

## Enabling TLS support

Enabling TLS support requires Contour version 0.3 or later. You must also add an [entry for port 443][1] to your `contour` service object.

## Configuring TLS with Contour on an ELB

If you deploy behind an AWS Elastic Load Balancer, see [EC2 ELB PROXY protocol support][2] for special instructions.

## TLS SNI name matching

Envoy's SNI name matching during the TLS handshake is case-sensitive.
For example, for a certificate with the common name `foo.bar.com`, requests to `Foo.bar.com` would not match.
Similarly, for a certificate with the wildcard name `*.bar.com`, only requests to lowercase names will match.
See the [known issue][4] reported against Envoy.
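
The check below is an added example, not code from the Contour or Envoy projects: it models the case-sensitive comparison described above so that a list of client-sent hostnames can be audited for names that fail only because of letter case. The function names, the simplified wildcard handling, and the sample hostnames are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// matchCaseSensitive compares an SNI value with one certificate name byte for byte.
// Assumption: "*." covers any non-empty prefix and, as stated above, only lowercase names match it.
func matchCaseSensitive(certName, sni string) bool {
	if strings.HasPrefix(certName, "*.") {
		suffix := certName[1:] // e.g. ".bar.com"
		return sni == strings.ToLower(sni) &&
			len(sni) > len(suffix) && strings.HasSuffix(sni, suffix)
	}
	return certName == sni
}

// Classify returns "match", "case-mismatch" (matches only after lowercasing) or "no-match".
func Classify(certNames []string, sni string) string {
	result := "no-match"
	for _, n := range certNames {
		if matchCaseSensitive(n, sni) {
			return "match"
		}
		if matchCaseSensitive(strings.ToLower(n), strings.ToLower(sni)) {
			result = "case-mismatch"
		}
	}
	return result
}

// CaseMismatches keeps only the client-sent names that fail because of letter case.
func CaseMismatches(certNames, snis []string) []string {
	var out []string
	for _, s := range snis {
		if Classify(certNames, s) == "case-mismatch" {
			out = append(out, s)
		}
	}
	return out
}

func main() {
	certNames := []string{"foo.bar.com", "*.bar.com"} // names used in this section
	// Constructed sample of hostnames as clients might send them.
	seen := []string{"foo.bar.com", "Foo.bar.com", "api.bar.com", "API.BAR.COM", "other.example"}
	fmt.Println(CaseMismatches(certNames, seen))
}
```

Names reported as `case-mismatch` point at clients or configuration that should send the hostname in lowercase.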

[1]: {{< param github_url >}}/tree/{{< param latest_version >}}/examples/contour/03-contour.yaml/#L45
[2]: /guides/proxy-proto
[3]: /guides/cert-manager
[4]: https://github.com/envoyproxy/envoy/issues/6199