Skip to content

How to set server-tokens to false, to disable the the NGINX header in ingress-nginx responses, within a Rancher Kubernetes Engine (RKE) CLI or Rancher v2.x provisioned cluster

This document (000020143) is provided subject to the disclaimer at the end of this document.

Situation

Task

The ingress-nginx server-tokens option controls display of the NGINX server header, including version information, in the response to ingress requests. By default this header is enabled; however, due to security concerns in exposing version information, a user might want to disable this on the nginx-ingress-controllers of their Kubernetes cluster(s). This article details how to disable the header, via the server-tokens option, in Rancher Kubernetes Engine (RKE) or Rancher v2.x provisioned clusters.

Pre-requisites

  • A Rancher Kubernetes Engine (RKE) CLI or Rancher v2.x provisioned Kubernetes cluster

Resolution

RKE provisioned clusters
  1. Add the server-tokens: "false" option for nginx into the cluster configuration YAML file as follows:
ingress:
       provider: nginx
       options:
         server-tokens: "false"

Example:

nodes:
  - address: x.x.x.x
    internal_address: x.x.x.x
    user: ubuntu
    role: [controlplane,worker,etcd]
ingress:
    provider: nginx
    options:
      server-tokens: "false"
services:
etcd:
    snapshot: true
    creation: 6h
    retention: 24h
  1. Execute rke up to update the cluster with the new configuration. N.B. Ensure the .rkestate file for the cluster is present in the working directory when invoking rke up per the documentation here:
rke up --config <cluster configuration YAML file>
Rancher v2.x provisioned clusters
  1. Navigate to the Cluster within the Rancher UI and click 'Edit Cluster'.
  2. Click 'Edit as YAML'.
  3. Add the server-tokens: "false" option for nginx into the cluster configuration YAML file as follows:
rancher_kubernetes_engine_config:
[...]
  ingress:
      provider: nginx
      options:
        server-tokens: "false"
  1. Click 'Save' to update the cluster with the new configuration.

Further reading

ingress-nginx documentation on the server-tokens options

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.