You can customize the NGINX configuration using ConfigMaps or Annotations.
The table below summarizes some of the options. More options (extensions) are available; refer to the examples folder.

Annotation | ConfigMaps Key | Description | Default |
---|---|---|---|
nginx.org/proxy-connect-timeout | proxy-connect-timeout | Sets the value of the proxy_connect_timeout directive. | 60s |
nginx.org/proxy-read-timeout | proxy-read-timeout | Sets the value of the proxy_read_timeout directive. | 60s |
nginx.org/client-max-body-size | client-max-body-size | Sets the value of the client_max_body_size directive. | 1m |
nginx.org/proxy-buffering | proxy-buffering | Enables or disables buffering of responses from the proxied server. | True |
nginx.org/proxy-buffers | proxy-buffers | Sets the value of the proxy_buffers directive. | Depends on the platform. |
nginx.org/proxy-buffer-size | proxy-buffer-size | Sets the value of the proxy_buffer_size directive. | Depends on the platform. |
nginx.org/proxy-max-temp-file-size | proxy-max-temp-file-size | Sets the value of the proxy_max_temp_file_size directive. | 1024m |
nginx.org/proxy-hide-headers | proxy-hide-headers | Sets the value of one or more proxy_hide_header directives. Example: "nginx.org/proxy-hide-headers": "header-a,header-b" | N/A |
nginx.org/proxy-pass-headers | proxy-pass-headers | Sets the value of one or more proxy_pass_header directives. Example: "nginx.org/proxy-pass-headers": "header-a,header-b" | N/A |
N/A | server-names-hash-bucket-size | Sets the value of the server_names_hash_bucket_size directive. | Depends on the size of the processor’s cache line. |
N/A | server-names-hash-max-size | Sets the value of the server_names_hash_max_size directive. | 512 |
N/A | http2 | Enables HTTP/2 in servers with SSL enabled. | False |
nginx.org/redirect-to-https | redirect-to-https | Sets the 301 redirect rule based on the value of the http_x_forwarded_proto header on the server block to force incoming traffic to be over HTTPS. Useful when terminating SSL in a load balancer in front of the Ingress controller — see 115 | False |
ingress.kubernetes.io/ssl-redirect | ssl-redirect | Sets an unconditional 301 redirect rule for all incoming HTTP traffic to force incoming traffic over HTTPS. | True |
N/A | log-format | Sets the custom log format. | See the template file. |
nginx.org/hsts | hsts | Enables HTTP Strict Transport Security (HSTS): the HSTS header is added to the responses from backends. The preload directive is included in the header. | False |
nginx.org/hsts-max-age | hsts-max-age | Sets the value of the max-age directive of the HSTS header. | 2592000 (1 month) |
nginx.org/hsts-include-subdomains | hsts-include-subdomains | Adds the includeSubDomains directive to the HSTS header. | False |
N/A | ssl-protocols | Sets the value of the ssl_protocols directive. | TLSv1 TLSv1.1 TLSv1.2 |
N/A | ssl-prefer-server-ciphers | Enables or disables the ssl_prefer_server_ciphers directive. | False |
N/A | ssl-ciphers | Sets the value of the ssl_ciphers directive. | HIGH:!aNULL:!MD5 |
N/A | ssl-dhparam-file | Sets the content of the dhparam file. The controller will create the file and set the value of the ssl_dhparam directive with the path of the file. | N/A |
N/A | set-real-ip-from | Sets the value of the set_real_ip_from directive. | N/A |
N/A | real-ip-header | Sets the value of the real_ip_header directive. | X-Real-IP |
N/A | real-ip-recursive | Enables or disables the real_ip_recursive directive. | False |
nginx.org/server-tokens | server-tokens | Enables or disables the server_tokens directive. Additionally, with NGINX Plus, you can specify a custom string value, including the empty string value, which disables the emission of the “Server” field. | True |
N/A | main-snippets | Sets a custom snippet in main context. | N/A |
N/A | http-snippets | Sets a custom snippet in http context. | N/A |
nginx.org/location-snippets | location-snippets | Sets a custom snippet in location context. | N/A |
nginx.org/server-snippets | server-snippets | Sets a custom snippet in server context. | N/A |
nginx.org/lb-method | lb-method | Sets the load balancing method. The default "" specifies the round-robin method. | "" |
nginx.org/listen-ports | N/A | Configures HTTP ports that NGINX will listen on. | [80] |
nginx.org/listen-ports-ssl | N/A | Configures HTTPS ports that NGINX will listen on. | [443] |
N/A | worker-processes | Sets the value of the worker_processes directive. | auto |
N/A | worker-rlimit-nofile | Sets the value of the worker_rlimit_nofile directive. | N/A |
N/A | worker-connections | Sets the value of the worker_connections directive. | 1024 |
N/A | worker-cpu-affinity | Sets the value of the worker_cpu_affinity directive. | N/A |
N/A | worker-shutdown-timeout | Sets the value of the worker_shutdown_timeout directive. | N/A |
nginx.org/keepalive | keepalive | Sets the value of the keepalive directive. Note that proxy_set_header Connection ""; is added to the generated configuration when the value > 0. | 0 |

- Make sure that you specify the configmaps resource to use when you start an Ingress controller. For example, `-nginx-configmaps=default/nginx-config`, where we specify the config map to use with the following format: `<namespace>/<name>`. See nginx-ingress-rc.yaml or nginx-plus-ingress-rc.yaml files.

- Create a configmaps file with the name nginx-config.yaml and set the values that make sense for your setup:

  ```yaml
  kind: ConfigMap
  apiVersion: v1
  metadata:
    name: nginx-config
  data:
    proxy-connect-timeout: "10s"
    proxy-read-timeout: "10s"
    client-max-body-size: "2m"
  ```

  See the nginx-config.yaml from this directory for a complete example.

- Create a configmaps resource:

  ```
  $ kubectl create -f nginx-config.yaml
  ```

  The NGINX configuration will be updated.

- If you want to update the configmaps, update the file and replace the config map:

  ```
  $ kubectl replace -f nginx-config.yaml
  ```

  The NGINX configuration will be updated.

If you want to customize the configuration for a particular Ingress resource only, you can use Annotations. Here is an example (cafe-ingress-with-annotations.yaml):

```yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: cafe-ingress-with-annotations
  annotations:
    nginx.org/proxy-connect-timeout: "30s"
    nginx.org/proxy-read-timeout: "20s"
    nginx.org/client-max-body-size: "4m"
spec:
  rules:
  - host: cafe.example.com
    http:
      paths:
      - path: /tea
        backend:
          serviceName: tea-svc
          servicePort: 80
      - path: /coffee
        backend:
          serviceName: coffee-svc
          servicePort: 80
```

Annotations take precedence over ConfigMaps.
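
Because annotations override the ConfigMap, a single Ingress can undo a setting the ConfigMap hardened. The Python below is an added example, not part of the project's code: it merges the table's defaults, a ConfigMap and an Ingress's annotations in that order and lists weak effective values. The function names, the baseline rules, the sample data and the case-insensitive reading of "True"/"False" are assumptions of this example.

```python
# Added example: key names and defaults come from the table above; the
# rules in findings() are this example's own baseline, not the project's.
DEFAULTS = {
    "ssl-protocols": "TLSv1 TLSv1.1 TLSv1.2",
    "hsts": "False",
    "server-tokens": "True",
    "ssl-redirect": "True",
}
# Keys the table lists with a per-Ingress annotation (ssl-protocols has none).
ANNOTATIONS = {
    "nginx.org/hsts": "hsts",
    "nginx.org/server-tokens": "server-tokens",
    "ingress.kubernetes.io/ssl-redirect": "ssl-redirect",
}

def effective(configmap_data, annotations):
    """Merge table defaults < ConfigMap data < Ingress annotations."""
    merged = dict(DEFAULTS)
    merged.update({k: v for k, v in configmap_data.items() if k in DEFAULTS})
    for name, key in ANNOTATIONS.items():
        if name in annotations:
            merged[key] = annotations[name]
    return merged

def is_true(value):
    # Assumption: boolean values are compared case-insensitively.
    return value.strip().lower() == "true"

def findings(settings):
    """Return the effective settings that fall short of the example baseline."""
    out = []
    legacy = {"TLSv1", "TLSv1.1"} & set(settings["ssl-protocols"].split())
    if legacy:
        out.append("ssl-protocols allows " + " ".join(sorted(legacy)))
    if not is_true(settings["hsts"]):
        out.append("hsts is disabled")
    if is_true(settings["server-tokens"]):
        out.append("server-tokens exposes the NGINX version")
    if not is_true(settings["ssl-redirect"]):
        out.append("ssl-redirect is disabled")
    return out

# Constructed sample input: a ConfigMap that tightens the defaults and an
# Ingress whose annotations switch HSTS back off.
CONFIGMAP = {"ssl-protocols": "TLSv1.2", "hsts": "True", "server-tokens": "False"}
INGRESS_ANNOTATIONS = {"nginx.org/hsts": "False", "nginx.org/proxy-read-timeout": "20s"}

if __name__ == "__main__":
    print(findings(effective(CONFIGMAP, INGRESS_ANNOTATIONS)))
```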