From 1a5e2d57a6eb197c403893ae98222ec2adba8f4a Mon Sep 17 00:00:00 2001
From: Olaf Klischat <olaf.klischat@gmail.com>
Date: Mon, 23 Sep 2019 12:35:10 +0200
Subject: [PATCH] tls user guide --default-ssl-certificate clarification

Evidently the `--default-ssl-certificate` option is used not only for the catch-all server, but also for all ingress `tls:` sections that don't have a `secretName` option. This doesn't seem to be documented anywhere, hence this change.
---
 docs/user-guide/tls.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/docs/user-guide/tls.md b/docs/user-guide/tls.md
index af0b3568cb..f42852dc1d 100644
--- a/docs/user-guide/tls.md
+++ b/docs/user-guide/tls.md
@@ -34,6 +34,9 @@ If this flag is not provided NGINX will use a self-signed certificate.
 For instance, if you have a TLS secret `foo-tls` in the `default` namespace,
 add `--default-ssl-certificate=default/foo-tls` in the `nginx-controller` deployment.
 
+The default certificate will also be used for ingress `tls:` sections that do not
+have a `secretName` option.
+
 ## SSL Passthrough
 
 The [`--enable-ssl-passthrough`](cli-arguments/) flag enables the SSL Passthrough feature, which is disabled by