rancher-docs/docs/getting-started/installation-and-upgrade/installation-references/tls-settings.md
Marty Hernandez Avedon c7f7b91719 #420 Adding canonical refs to ./getting-started part 3/10 (#622)
* canonicized helm-chart-options

* canonicized tls-settings

* canonicized port-requirements

* canonicized docker-install-commands

2.0-2.4 don't appear to have corresponding pages

* canonicized install-docker

* canonicized install-kubernetes

* fixed typos and incorrect pages
2023-05-26 14:19:30 -04:00

26 lines
1.5 KiB
Markdown

---
title: TLS Settings
---
<head>
<link rel="canonical" href="https://ranchermanager.docs.rancher.com/getting-started/installation-and-upgrade/installation-references/tls-settings"/>
</head>

How you change the default TLS settings depends on the chosen installation method.

## Running Rancher in a highly available Kubernetes cluster

When you install Rancher inside a Kubernetes cluster, TLS is offloaded at the cluster's ingress controller. The available TLS settings depend on the ingress controller in use:

* nginx-ingress-controller (default for RKE1 and RKE2): [Default TLS Version and Ciphers](https://kubernetes.github.io/ingress-nginx/user-guide/tls/#default-tls-version-and-ciphers).
* traefik (default for K3s): [TLS Options](https://doc.traefik.io/traefik/https/tls/#tls-options).

## Running Rancher in a single Docker container

The default TLS configuration only accepts TLS 1.2 and secure TLS cipher suites. You can change this by setting the following environment variables:

| Parameter | Description | Default | Available options |
|-----|-----|-----|-----|
| `CATTLE_TLS_MIN_VERSION` | Minimum TLS version | `1.2` | `1.0`, `1.1`, `1.2`, `1.3` |
| `CATTLE_TLS_CIPHERS` | Allowed TLS cipher suites | `TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256`,<br/>`TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384`,<br/>`TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305`,<br/>`TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256`,<br/>`TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384`,<br/>`TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305` | See [Golang tls constants](https://golang.org/pkg/crypto/tls/#pkg-constants) |
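
Before overriding these variables, it helps to check the proposed values against Go's own cipher suite tables. The following is an added example, not Rancher code: `CheckSettings` and `Report` are hypothetical names, and it assumes `CATTLE_TLS_CIPHERS` is a comma-separated list of Go constant names. It flags a minimum version below the 1.2 default, suites that Go lists as insecure, and names that are not Go cipher suites at all.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"strings"
)

// Values the page lists for CATTLE_TLS_MIN_VERSION.
var minVersions = map[string]uint16{
	"1.0": tls.VersionTLS10, "1.1": tls.VersionTLS11,
	"1.2": tls.VersionTLS12, "1.3": tls.VersionTLS13,
}

// Report is the result of checking one pair of settings (hypothetical type).
type Report struct {
	BelowTLS12 bool     // minimum version weaker than the 1.2 default
	Insecure   []string // names Go returns from tls.InsecureCipherSuites()
	Unknown    []string // names that are not Go cipher suite constants
}

// index builds a name set. Go reports the ECDHE ChaCha20 suites with a _SHA256
// suffix, while the constants in the default list above omit it, so accept both.
func index(suites []*tls.CipherSuite) map[string]bool {
	m := make(map[string]bool)
	for _, s := range suites {
		m[s.Name] = true
		if strings.HasSuffix(s.Name, "_WITH_CHACHA20_POLY1305_SHA256") {
			m[strings.TrimSuffix(s.Name, "_SHA256")] = true
		}
	}
	return m
}

// CheckSettings validates proposed values for the two environment variables.
// Assumption: the cipher list is comma-separated.
func CheckSettings(minVersion, ciphers string) (Report, error) {
	var r Report
	v, ok := minVersions[minVersion]
	if !ok {
		return r, fmt.Errorf("unsupported CATTLE_TLS_MIN_VERSION %q", minVersion)
	}
	r.BelowTLS12 = v < tls.VersionTLS12
	secure, insecure := index(tls.CipherSuites()), index(tls.InsecureCipherSuites())
	for _, name := range strings.Split(ciphers, ",") {
		switch name = strings.TrimSpace(name); {
		case name == "" || secure[name]: // empty entry or accepted suite
		case insecure[name]:
			r.Insecure = append(r.Insecure, name)
		default:
			r.Unknown = append(r.Unknown, name)
		}
	}
	return r, nil
}

func main() { // constructed sample: a downgraded configuration under review
	fmt.Println(CheckSettings("1.0", "TLS_RSA_WITH_RC4_128_SHA,TLS_ECDHE_RSA_AES128"))
}
```

Which suites count as insecure depends on the Go version the check is built with, so run it with a current toolchain.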