public/rancher-docs
1
0
Fork 0
mirror of https://github.com/rancher/rancher-docs.git synced 2026-05-15 01:23:21 +00:00
Code Issues Packages Projects Releases Wiki Activity

Document enabling forward host headers for NGINX 0.25.0

Browse Source
This commit is contained in:
Catherine Luse
2019-10-25 13:55:49 -07:00
committed by Denise
parent a148560fef
commit 033e352dc9
1 changed files with 16 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
content/rancher/v2.x/en/installation/ha/helm-rancher/chart-options/_index.md
+16
View File
@@ -156,6 +156,22 @@ You may terminate the SSL/TLS on a L7 load balancer external to the Rancher clus
Your load balancer must support long lived websocket connections and will need to insert proxy headers so Rancher can route links correctly.
#### Enabling Forward Host Headers
_For Rancher v2.3.0+, which uses NGINX 0.25.0_
If you are using an NGINX ingress controller, you must edit the `cluster.yml` to enable the `use-forwarded-headers` option for ingress:
```yaml
ingress:
provider: nginx
options:
use-forwarded-headers: "true"
```
Version 0.22 of `ingress-nginx` had a [breaking change](https://github.com/kubernetes/ingress-nginx/blob/master/Changelog.md#0220) in which the IP addreses for forwarded headers are not trusted by default. Rancher v2.2.x used `ingress-nginx` 0.21, while Rancher v2.3.x uses `ingress-nginx` 0.25.
This change allows `ingress-nginx` to trust any client to extract true IP addresses from forwarded headers.
#### Required Headers
* `Host`