Ingress

URL:: https://<root>/security/ingress
Methods:: GET
Operations:: Update Configuration
Required Capability:: Access allowed with the "Security and infrastructure" privilege
Version Introduced:: 10.9

Description

The ingress resource returns the currently configured security information for the Ingress controller. You can update ingress security configuration properties using the Update operation. The update operation must be used when adding an imported wildcard certificate for the Ingress controller.

Request parameters

Parameter	Details
`f`	The response format. The default format is `html`. Values: `html` \| `json` \| `pjson`

Response properties

Property	Details
`cipherSuites`	The cipher suites, in OpenSSL format, used by the Ingress controller. The cipher suites listed below, in both OpenSSL and Internet Assigned Numbers Authority (IANA) format, are configured by default and work for TLSv1.2 and TLSv1.3. If the TLS protocols TLSv1 or TLSv1.1 are specified in the `httpsProtocols` property, the cipher suites must be updated accordingly. `ECDHE-ECDSA-AES128-GCM-SHA256` [IANA: `TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256`] `ECDHE-RSA-AES128-GCM-SHA256` [IANA: `TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256`] `ECDHE-ECDSA-AES256-GCM-SHA384` [IANA: `TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384`] `ECDHE-RSA-AES256-GCM-SHA384` [IANA: `TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384`] `ECDHE-ECDSA-CHACHA20-POLY1305` [IANA: `TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256`] `ECDHE-RSA-CHACHA20-POLY1305` [IANA: `TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256`]
`httpsProtocols`	A comma-separated list that specifies the TLS protocols the Ingress controller will support. `TLSv1.2` is enabled by default. Protocol values `TLSv1`, `TLSv1.1`, and `TLSv1.3` are also supported.
`tlsSecretName`	The name of a user-defined TLS secret that exists in the same namespace as ArcGIS Enterprise on Kubernetes, which contains the wildcard certificate that will be used by the Ingress controller. This property must be specified if `isTlsSecretSystemManaged` is set to `false`.
`identityCertificateName`	Specifies the identity wildcard certificate that will be used by the Ingress controller. The certificate must have already been imported and given an alias. The alias of the imported certificate will be passed as the value for this property. This property must be set if `isTlsSecretSystemManaged` is set to `true`.
`hstsEnabled`	A Boolean that indicates whether HTTP Strict Transport Security (HSTS) is enabled by the Ingress controller. Values: `true` \| `false`
`isTlsSecretSystemManaged`	Specifies where the identity certificate used by the Ingress controller is stored. If `true`, the `identityCertificateName` value must be set to use the alias of an existing imported identity certificate. If `false`, a user-defined TLS secret must exist and the `tlsSecretName` value must be specified and match the name of the TLS secret. Values: `true` \| `false`

Example usage

The following is a sample request URL used to access the ingress resource:

Use dark colors for code blocksCopy
https://organization.domain.com/context/admin/security/ingress?f=pjson

JSON Response example

Use dark colors for code blocksCopy
{
  "cipherSuites": "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-CHACHA20-POLY1305:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA",
  "httpsProtocols": "TLSv1.2 TLSv1.3",
  "tlsSecretName": "arcgis-ingress-cert",
  "identityCertificateName": "ingress",
  "hstsEnabled": false,
  "isTlsSecretSystemManaged": true
}