How to enable support for use-forwarded-headers in ingress-nginx
Article Number: 000020070
Environment
- A Kubernetes cluster provisioned by the Rancher Kubernetes Engine (RKE) CLI or Rancher v2.x
- For RKE provisioned clusters, you will require the RKE binary and access to the cluster configuration YAML, rkestate file and kubectl access with the kubeconfig for the cluster sourced
- For Rancher v2.x provisioned clusters, you will require cluster owner or global admin permissions in Rancher
Situation
Per the [ingress-nginx documentation], the use-forwarded-headers
configuration option enables passing "the incoming X-Forwarded-* headers to upstreams. Use this option when NGINX is behind another L7 proxy / load balancer that is setting these headers."
This article details how to enable the use-forwarded-headers
option in the ingress-nginx instance of Rancher Kubernetes Engine (RKE) CLI or Rancher v2.x provisioned Kubernetes clusters.
Resolution
Configuration for RKE CLI provisioned clusters
- Edit the cluster configuration YAML file to include the
use-forwarded-headers: true
option for the ingress, as follows:
ingress:
provider: nginx
options:
use-forwarded-headers: true
rke up
:
rke up --config <cluster configuration yaml file>
for pod in $(kubectl get pods -l app=ingress-nginx -n ingress-nginx --no-headers -o name | awk -F '/' '{print $2}'); do echo -n "Checking $pod .... "; kubectl -n ingress-nginx exec "$pod" -- bash -c "cat /etc/nginx/nginx.conf | grep use_forwarded_headers | grep true > /dev/null 2>&1 && echo 'Good' || echo 'Bad'"; done
Configuration for Rancher v2.x provisioned clusters
- Log in to the Rancher UI.
- Go to Global -> Clusters -> Cluster Name.
- From the Cluster Dashboard edit the cluster by Clicking on "⋮" then select Edit.
- Click "Edit as YAML".
- Include the
use-forwarded-headers
option for the ingress, as follows:
ingress:
provider: nginx
options:
use-forwarded-headers: true
for pod in $(kubectl get pods -l app=ingress-nginx -n ingress-nginx --no-headers -o name | awk -F '/' '{print $2}'); do echo -n "Checking $pod .... "; kubectl -n ingress-nginx exec "$pod" -- bash -c "cat /etc/nginx/nginx.conf | grep use_forwarded_headers | grep true > /dev/null 2>&1 && echo 'Good' || echo 'Bad'"; done