Update (Ingress Configuration)

URL: https://<root>/security/ingress/update
Methods: POST
Required Capability: Access allowed with the "Security and infrastructure" privilege
Version Introduced: 10.9

Description

The update operation modifies the security configuration implemented by the Ingress controller. The update operation can also be used to specify a wildcard certificate for the Ingress controller.

Request parameters

Parameter | Details

ingressSecurityConfig

The JSON object representing the Ingress security configuration.

f

The response format. The default format is html.

Values: html | json | pjson

Ingress security configuration properties

Property | Details

cipherSuites

The cipher suites, in OpenSSL format, used by the Ingress controller. The cipher suites listed below, in both OpenSSL and Internet Assigned Numbers Authority (IANA) format, are configured by default and work for TLSv1.2 and TLSv1.3. If the TLS protocols TLSv1 or TLSv1.1 are specified in the httpsProtocols property, the cipher suites must be updated accordingly.

  • ECDHE-ECDSA-AES128-GCM-SHA256 [IANA: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256]
  • ECDHE-RSA-AES128-GCM-SHA256 [IANA: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256]
  • ECDHE-ECDSA-AES256-GCM-SHA384 [IANA: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384]
  • ECDHE-RSA-AES256-GCM-SHA384 [IANA: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384]
  • ECDHE-ECDSA-CHACHA20-POLY1305 [IANA: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256]
  • ECDHE-RSA-CHACHA20-POLY1305 [IANA: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256]

httpsProtocols

A comma-separated list that specifies the TLS protocols the Ingress controller will support. TLSv1.2 is enabled by default. Protocol values TLSv1, TLSv1.1, and TLSv1.3 are also supported.

tlsSecretName

The name of a user-defined TLS secret containing the wildcard certificate that will be used by the Ingress controller. The secret must exist in the same namespace as ArcGIS Enterprise on Kubernetes. This property must be specified if isTlsSecretSystemManaged is set to false.

identityCertificateName

Specifies the identity wildcard certificate that will be used by the Ingress controller. The certificate must already have been imported and given an alias; that alias is passed as the value for this property. This property must be set if isTlsSecretSystemManaged is set to true.

hstsEnabled

A Boolean that indicates whether HTTP Strict Transport Security (HSTS) is enabled by the Ingress controller.

Values: true | false

isTlsSecretSystemManaged

Specifies where the identity certificate used by the Ingress controller is stored. If true, the identityCertificateName value must be set to use the alias of an existing imported identity certificate. If false, a user-defined TLS secret must exist and the tlsSecretName value must be specified and match the name of the TLS secret.

Values: true | false

Example usage

The following is a sample POST request for the update operation that demonstrates modifying the identityCertificateName property with the name of an imported certificate that will be used by the Ingress controller:

POST /context/admin/security/ingress/update HTTP/1.1
Host: organization.domain.com
Content-Type: application/x-www-form-urlencoded
Content-Length: []

ingressSecurityConfig={
  "cipherSuites": "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305",
  "httpsProtocols": "TLSv1.2 TLSv1.3",
  "tlsSecretName": "",
  "identityCertificateName": "orgCert",
  "hstsEnabled": true,
  "isTlsSecretSystemManaged": true
}&f=pjson&token=bnwCK0Wlwj9fIJrwWq5o8LgV__ibaG6Lw_idwH8HA2c3pnYoTB1_odgA0MIC7p8oKQr8sYVFTMbpEerYQf4pIx34a7QGyBTUPtx5VYpzI_xyi68qGVUOmO8ouQqWGQEDWW6Jc0dJrIOVZBJ4x3aHyaBgPnuUWZitcGssH6QYH47Nuk_b6NRChHBi_EglJutuOPbCKc96TmbfKkH7atbfCSecvv3nnVHYvC1s1j02ZZWqt6Q_idRuVhQVcfBbFkFw

JSON Response example

{"status": "success"}
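The property rules above can be checked before the request is sent. The following pre-flight check is an added example, not part of the ArcGIS documentation or API; the function names, the warning policy for legacy protocols and disabled HSTS, and the requirement that isTlsSecretSystemManaged be present are assumptions of this sketch.

```python
import json
import re
from urllib.parse import urlencode

# Default suites listed on this page (OpenSSL names); per the page they serve TLSv1.2 and TLSv1.3.
DEFAULT_CIPHER_LIST = ("ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:"
                       "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:"
                       "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305")
DEFAULT_CIPHERS = frozenset(DEFAULT_CIPHER_LIST.split(":"))
KNOWN_PROTOCOLS = {"TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}
LEGACY_PROTOCOLS = {"TLSv1", "TLSv1.1"}  # deprecated by RFC 8996

def check_ingress_config(cfg):
    """Return (errors, warnings) for an ingressSecurityConfig dict (hypothetical helper)."""
    errors, warnings = [], []
    # The page calls this a comma-separated list but its sample uses a space: accept both.
    protocols = {p for p in re.split(r"[,\s]+", str(cfg.get("httpsProtocols", ""))) if p}
    ciphers = {c for c in str(cfg.get("cipherSuites", "")).split(":") if c}
    if not protocols:
        errors.append("httpsProtocols is empty")
    if protocols - KNOWN_PROTOCOLS:
        errors.append(f"unsupported protocol values: {sorted(protocols - KNOWN_PROTOCOLS)}")
    legacy = sorted(protocols & LEGACY_PROTOCOLS)
    if legacy:
        warnings.append(f"legacy protocols enabled: {legacy}")
        if ciphers <= DEFAULT_CIPHERS:  # nothing beyond the TLSv1.2+ defaults was added
            errors.append("TLSv1/TLSv1.1 requested but cipherSuites holds only the defaults")
    managed = cfg.get("isTlsSecretSystemManaged")
    if not isinstance(managed, bool):
        errors.append("isTlsSecretSystemManaged must be true or false")
    elif managed and not cfg.get("identityCertificateName"):
        errors.append("identityCertificateName is required when isTlsSecretSystemManaged is true")
    elif not managed and not cfg.get("tlsSecretName"):
        errors.append("tlsSecretName is required when isTlsSecretSystemManaged is false")
    if cfg.get("hstsEnabled") is not True:
        warnings.append("hstsEnabled is not true")
    return errors, warnings

def build_form_body(cfg, token):
    """Form-encode the request body; refuse to build it from an inconsistent config."""
    errors, _ = check_ingress_config(cfg)
    if errors:
        raise ValueError("; ".join(errors))
    return urlencode({"ingressSecurityConfig": json.dumps(cfg), "f": "json", "token": token})

# Constructed sample: the property values from the example request on this page.
SAMPLE = {"cipherSuites": DEFAULT_CIPHER_LIST, "httpsProtocols": "TLSv1.2 TLSv1.3",
          "tlsSecretName": "", "identityCertificateName": "orgCert",
          "hstsEnabled": True, "isTlsSecretSystemManaged": True}

if __name__ == "__main__":
    print(check_ingress_config(SAMPLE))
    print(check_ingress_config({**SAMPLE, "isTlsSecretSystemManaged": False}))
```

The body returned by build_form_body is what would be sent with Content-Type: application/x-www-form-urlencoded, as in the sample request.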
