TLS Termination
Overview
On HTTPS endpoints, TLS is always terminated at the ngrok edge.
This module allows you to configure the particulars of how TLS is terminated. At the moment, the only behavior that is configurable is the minimum version of TLS to support.
By default, endpoints will attempt to to use the latest supported version of TLS 1.3 but they will support clients down to a minimum version of TLS 1.2.
Example Usage
Set the minimum supported TLS version to 1.3.
- Agent CLI
- Agent Config
- SSH
- Go
- Javascript
- Python
- Rust
- Kubernetes Controller
TLS termination is not configurable via the Agent CLI
TLS termination is not configurable via the Agent Config File
TLS termination is not configurable via SSH
TLS termination is not configurable via the Go SDK
TLS termination is not configurable via the Javascript SDK
TLS termination is not configurable via the Python SDK
TLS termination is not configurable via the Rust SDK
kind: NgrokModuleSet
apiVersion: ingress.k8s.ngrok.com/v1alpha1
metadata:
name: ngrok-module-set
modules:
tlsTermination:
minVersion: "1.3"
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: example-ingress
annotations:
k8s.ngrok.com/modules: ngrok-module-set
spec:
ingressClassName: ngrok
rules:
- host: your-domain.ngrok.app
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: example-service
port:
number: 80
Behavior
This module allows you to configure particulars of how TLS is terminated.
On HTTPS endpoints, TLS is always terminated at the ngrok edge. The ngrok edge will attempt to use the latest supported version of TLS, TLS 1.3.
If you configure a minimum version of TLS older than the default of 1.2, be aware that older versions of TLS have known security flaws.
Reference
Configuration
Parameter | Default | Description |
---|---|---|
Minimum TLS Version | 1.2 | The minimum version of TLS to negotiate. Clients which do not support at least this version of TLS will be unable to connect. |
Upstream Headers
This module does not add any upstream headers.
Errors
This module does not return any errors.
Edges
TLS Termination is an HTTPS Edge module. It is attached directly to the Edge, it can not be configured on a per-Route basis. This is because TLS termination occurs before any HTTP multiplexing may begin.
Events
When this module is enabled, it populates the following fields in http_request_complete.v0 events.
Fields |
---|
tls.version |
tls.cipher_suite |
Pricing
This module is available on all plans.
Try it out
This documentation is incomplete. Please check back later, we appreciate your patience.