The entire Science Platform uses the same external hostname and relies on NGINX merging all the ingresses into a single virtual host with a single TLS configuration.
As discussed in Hostnames and TLS, TLS for the Science Platform can be configured with either a default certificate in ingress-nginx or through Let’s Encrypt with the DNS solver.
If an installation is using Let’s Encrypt with the DNS solver, no further configuration of the NGINX ingress is required.
See cert-manager for setup information.
When using a commercial certificate, that certificate should be configured in the ingress-nginx for that environment.
Specifically, add the following under
And at the top level, add:
Then, in the Vault key named ingress-nginx in the Vault enclave for that environment, store the commercial certificate.
The Vault secret must have two keys:
The first must contain the full public certificate chain.
The second must contain the private key (without a passphrase).
For an example of an environment configured this way, see /applications/ingress-nginx/values-minikube.yaml
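A pre-flight check for the two values described above, run before they are stored in Vault. This is an added example, not part of the original documentation or the project's code. The function names and the chain_pem and key_pem parameters are hypothetical, and the PEM bodies are constructed placeholders, so only the PEM structure is inspected.

```python
import re

# PEM armor: -----BEGIN <label>----- ... -----END <label>-----
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.DOTALL
)


def pem_blocks(text):
    """Return (label, body) pairs for each PEM block in text."""
    return [(m.group(1), m.group(2)) for m in PEM_BLOCK.finditer(text)]


def check_tls_secret(chain_pem, key_pem):
    """Return a list of problems; an empty list means both values look usable."""
    problems = []
    chain = pem_blocks(chain_pem)
    certs = [b for b in chain if b[0] == "CERTIFICATE"]
    if any("PRIVATE KEY" in label for label, _ in chain):
        problems.append("chain value contains a private key")
    if not certs:
        problems.append("chain value contains no certificate")
    elif len(certs) == 1:
        # Heuristic: a commercial chain normally includes intermediates.
        problems.append("chain has one certificate; intermediates may be missing")
    keys = [b for b in pem_blocks(key_pem) if "PRIVATE KEY" in b[0]]
    if len(keys) != 1:
        problems.append("key value must contain exactly one private key")
    for label, body in keys:
        # PKCS#8 encrypted keys use their own label; legacy OpenSSL keys
        # carry a "Proc-Type: 4,ENCRYPTED" header inside the block.
        if label == "ENCRYPTED PRIVATE KEY" or "Proc-Type: 4,ENCRYPTED" in body:
            problems.append("private key is passphrase-protected")
    return problems


# Constructed sample input: placeholder bodies, not real key material.
def make_pem(label, body="Q09OU1RSVUNURUQ="):
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"


GOOD_CHAIN = make_pem("CERTIFICATE") + make_pem("CERTIFICATE")
GOOD_KEY = make_pem("PRIVATE KEY")
ENCRYPTED_KEY = make_pem(
    "RSA PRIVATE KEY",
    "Proc-Type: 4,ENCRYPTED\nDEK-Info: AES-256-CBC,00\n\nQ09OU1RSVUNURUQ=",
)
```

The check does not verify signatures or that the key matches the leaf certificate; it only catches the structural mistakes named above.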