public/rancher-docs
1
0
Fork 0
mirror of https://github.com/rancher/rancher-docs.git synced 2026-05-17 18:37:03 +00:00
Code Issues Packages Projects Releases Wiki Activity

Edit section on NGINX v0.25

Browse Source
This commit is contained in:
Catherine Luse
2019-10-25 16:55:11 -07:00
committed by Denise
parent 54bc12f2e2
commit 339685f090
1 changed files with 2 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files
content/rancher/v2.x/en/installation/ha/helm-rancher/chart-options/_index.md
+2 -5
View File
@@ -156,9 +156,9 @@ You may terminate the SSL/TLS on a L7 load balancer external to the Rancher clus
Your load balancer must support long lived websocket connections and will need to insert proxy headers so Rancher can route links correctly.
#### Enabling Forward Host Headers for NGINX v0.25.0
#### Configuring Ingress for External TLS when Using NGINX v0.25
If you are using an NGINX v0.25.0 ingress controller, you must edit the `cluster.yml` to enable the `use-forwarded-headers` option for ingress:
Rancher v2.3.0 shipped with NGINX v0.25.1. In this version, the behavior of NGINX has [changed](https://github.com/kubernetes/ingress-nginx/blob/master/Changelog.md#0220) regarding forwarding headers and external TLS termination. Therefore, in the scenario that you are using external TLS termination configuration with NGINX 0.25, you must edit the `cluster.yml` to enable the `use-forwarded-headers` option for ingress:
```yaml
ingress:
@@ -166,9 +166,6 @@ ingress:
options:
use-forwarded-headers: "true"
```
Version 0.22 of `ingress-nginx` had a [breaking change](https://github.com/kubernetes/ingress-nginx/blob/master/Changelog.md#0220) in which the IP addreses for forwarded headers are not trusted by default. Rancher v2.2.x used `ingress-nginx` 0.21, while Rancher v2.3.x uses `ingress-nginx` 0.25.
This change allows `ingress-nginx` to trust any client to extract true IP addresses from forwarded headers.
#### Required Headers