SUSE Support

Here When You Need Us

How to enable support for use-forwarded-headers in ingress-nginx

This document (000020070) is provided subject to the disclaimer at the end of this document.

Environment


Situation

Per the [ingress-nginx documentation], the use-forwarded-headers configuration option enables passing "the incoming X-Forwarded-* headers to upstreams. Use this option when NGINX is behind another L7 proxy / load balancer that is setting these headers."

This article details how to enable the use-forwarded-headers option in the ingress-nginx instance of Rancher Kubernetes Engine (RKE) CLI or Rancher v2.x provisioned Kubernetes clusters.

 

 

    Resolution

    Configuration for RKE CLI provisioned clusters
    1. Edit the cluster configuration YAML file to include the use-forwarded-headers: true option for the ingress, as follows:

      ingress:
        provider: nginx
        options:
          use-forwarded-headers: true
    2. Apply the changes to the cluster, by invoking rke up:

      rke up --config <cluster configuration yaml file>
    3. Verify the new configuration:

      for pod in $(kubectl get pods -l app=ingress-nginx -n ingress-nginx --no-headers -o name | awk -F '/' '{print $2}'); do echo -n "Checking $pod .... "; kubectl -n ingress-nginx exec "$pod" -- bash -c "cat /etc/nginx/nginx.conf | grep use_forwarded_headers | grep true > /dev/null 2>&1 && echo 'Good' || echo 'Bad'"; done
    Configuration for Rancher v2.x provisioned clusters
    1. Log in to the Rancher UI.
    2. Go to Global -> Clusters -> Cluster Name.
    3. From the Cluster Dashboard edit the cluster by Clicking on "⋮" then select Edit.
    4. Click "Edit as YAML".
    5. Include the use-forwarded-headers option for the ingress, as follows:

      ingress:
        provider: nginx
        options:
          use-forwarded-headers: true
    6. Click "Save" at the bottom of the page.

    7. Wait for cluster to finish upgrading.
    8. Go back to the Cluster Dashboard and click "Launch kubectl".
    9. Run the following inside the kubectl CLI to verify the new argument:
      for pod in $(kubectl get pods -l app=ingress-nginx -n ingress-nginx --no-headers -o name | awk -F '/' '{print $2}'); do echo -n "Checking $pod .... "; kubectl -n ingress-nginx exec "$pod" -- bash -c "cat /etc/nginx/nginx.conf | grep use_forwarded_headers | grep true > /dev/null 2>&1 && echo 'Good' || echo 'Bad'"; done

    Additional Information

    Disclaimer

    This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

    • Document ID:000020070
    • Creation Date: 06-May-2021
    • Modified Date:03-Apr-2024
      • SUSE Rancher

    < Back to Support Search

    For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]suse.com

    tick icon

    SUSE Support Forums

    Get your questions answered by experienced Sys Ops or interact with other SUSE community experts.

    tick icon

    Support Resources

    Learn how to get the most from the technical support you receive with your SUSE Subscription, Premium Support, Academic Program, or Partner Program.

    tick icon

    Open an Incident

    Open an incident with SUSE Technical Support, manage your subscriptions, download patches, or manage user access.