rancher-docs/versioned_docs/version-2.5/reference-guides/installation-references/tls-settings.md at 03c6b650ca850445c1063f951442ecee900d46ca

mirror of https://github.com/rancher/rancher-docs.git synced 2026-04-15 19:05:41 +00:00

Files

Marty Hernandez Avedon c7f7b91719 #420 Adding canonical refs to ./getting-started part 3/10 (#622 )

* canonicized helm-chart-options

* canonicized tls-settings

* canonicized port-requirments

* canonicized docker-install-commands

2.0-2.4 don't appear to have sorresponding pages

* canonicized install-docker

* canonicized install-kubernetes

* fixed typos and incorrect pages

2023-05-26 14:19:30 -04:00

1.5 KiB

Raw Blame History

title

title
TLS Settings

Changing the default TLS settings depends on the chosen installation method.

Running Rancher in a highly available Kubernetes cluster

When you install Rancher inside of a Kubernetes cluster, TLS is offloaded at the cluster's ingress controller. The possible TLS settings depend on the used ingress controller:

nginx-ingress-controller (default for RKE1 and RKE2): Default TLS Version and Ciphers.
traefik (default for K3s): TLS Options.

Running Rancher in a single Docker container

The default TLS configuration only accepts TLS 1.2 and secure TLS cipher suites. You can change this by setting the following environment variables:

Parameter	Description	Default	Available options
`CATTLE_TLS_MIN_VERSION`	Minimum TLS version	`1.2`	`1.0`, `1.1`, `1.2`, `1.3`
`CATTLE_TLS_CIPHERS`	Allowed TLS cipher suites	`TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256`, `TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384`, `TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305`, `TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256`, `TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384`, `TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305`	See Golang tls constants

1.5 KiB Raw Blame History

Running Rancher in a highly available Kubernetes cluster

Running Rancher in a single Docker container

1.5 KiB

Raw Blame History