How to set server-tokens to false, to disable the NGINX header in ingress-nginx responses, within a Rancher Kubernetes Engine (RKE) CLI or Rancher v2.x provisioned cluster

This document (000020143) is provided subject to the disclaimer at the end of this document.

Situation

Task

The ingress-nginx server-tokens option controls display of the NGINX server header, including version information, in the response to ingress requests. By default this header is enabled; however, due to security concerns in exposing version information, a user might want to disable this on the nginx-ingress-controllers of their Kubernetes cluster(s). This article details how to disable the header, via the server-tokens option, in Rancher Kubernetes Engine (RKE) or Rancher v2.x provisioned clusters.

Pre-requisites

  • A Rancher Kubernetes Engine (RKE) CLI or Rancher v2.x provisioned Kubernetes cluster

Resolution

RKE provisioned clusters
  1. Add the server-tokens: "false" option for nginx into the cluster configuration YAML file as follows:

    ingress:
        provider: nginx
        options:
          server-tokens: "false"

    Example:

    nodes:
      - address: x.x.x.x
        internal_address: x.x.x.x
        user: ubuntu
        role: [controlplane,worker,etcd]
    ingress:
        provider: nginx
        options:
          server-tokens: "false"
    services:
      etcd:
        snapshot: true
        creation: 6h
        retention: 24h
  2. Execute rke up to update the cluster with the new configuration. N.B. Ensure the .rkestate file for the cluster is present in the working directory when invoking rke up per the documentation here:

    rke up --config <cluster configuration YAML file>

Rancher v2.x provisioned clusters
  1. Navigate to the Cluster within the Rancher UI and click 'Edit Cluster'.
  2. Click 'Edit as YAML'.
  3. Add the server-tokens: "false" option for nginx into the cluster configuration YAML file as follows:

    rancher_kubernetes_engine_config:
    [...]
      ingress:
          provider: nginx
          options:
            server-tokens: "false"
  4. Click 'Save' to update the cluster with the new configuration.
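
To confirm the change on either cluster type, inspect the response headers returned through the ingress. The following check is an added example, not part of the original SUSE article: the function names, the sample responses and the version string in them are constructed for illustration, and `<ingress URL>` is a placeholder.

```shell
#!/bin/sh
# Classify the Server header in raw HTTP response headers read from stdin.
# Prints one of:
#   absent           - no Server header in the response
#   no-version       - Server header present, but without a version string
#   version-exposed  - Server header still carries a version (e.g. name/1.2.3)
classify_server_header() {
    tr -d '\r' | awk '
        BEGIN { state = "absent" }
        /^$/  { exit }                      # blank line ends the header block
        tolower($0) ~ /^server:/ {          # header names are case-insensitive
            sub(/^[^:]*:[ \t]*/, "")        # keep only the header value
            state = ($0 ~ /\/[0-9]/) ? "version-exposed" : "no-version"
            exit
        }
        END { print state }'
}

# Live check against a host served by the ingress controller.
# $1 is a URL you supply; reachability from this machine is an assumption.
check_ingress() {
    curl -sI "$1" | classify_server_header
}

# Constructed sample responses (not captured from a real cluster).
sample_before() {
    printf 'HTTP/1.1 404 Not Found\r\nServer: nginx/1.19.6\r\nContent-Type: text/html\r\n\r\n'
}
sample_after() {
    printf 'HTTP/1.1 404 Not Found\r\nContent-Type: text/html\r\n\r\n'
}

echo "before change: $(sample_before | classify_server_header)"
echo "after change:  $(sample_after | classify_server_header)"
```

Run `check_ingress <ingress URL>` once the controller pods have picked up the new configuration; a result of `version-exposed` means the option has not taken effect on the controller that answered.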

Further reading

ingress-nginx documentation on the server-tokens options

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID: 000020143
  • Creation Date: 06-May-2021
  • Modified Date: 06-May-2021
    • SUSE Rancher
