Why Ingress NGINX removes my response headers
I have ASP.NET WebApi project, which return security headers on each request:
When I run this app in Kubernetes cluster with Ingress NGINX, my headers are missed
How I can configure NGINX to use response headers from my application? Why Ingress NGINX removes my response headers?
I don't have any experience with NGINX configuration. Please suggest how to do that in k8s cluster. Thanks
Similar Questions
2 Answers
The you are not able to find those headers as the traffic is flowing from a nginx ingress controller which acts as a proxy. To add some custom headers you can use the following given steps.
create a file and name it as
custom-headers.ymland add the following data.apiVersion: v1 data: X-Frame-Options: "Deny" X-Xss-Protection: "1; mode=block" X-Content-Type-Options: "nosniff" kind: ConfigMap metadata: name: custom-headers namespace: ingress-nginx
This file will create a ConfigMap in the ingress-nginx namespace. Apply this ConfigMap: kubectl apply -f custom-headers.yml
Now we need to make our nginx ingress controller to use this new ConfigMap. For that we need to add our config map with the global configs that were being used until now. For that create a file configmap.yml and add the following data. apiVersion: v1 data: proxy-set-headers: "ingress-nginx/custom-headers" kind: ConfigMap metadata: name: nginx-configuration namespace: ingress-nginx labels: app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
Apply this configuration by : kubectl apply -f configmap.yml
Check your configurations by using : kubectl exec <nginx-controller pod name> -n ingress-nginx cat /etc/nginx/nginx.conf
Use following annotations in your ingress to set response header
nginx.ingress.kubernetes.io/configuration-snippet: |
more_set_headers "X-Frame-Options: Deny";
more_set_headers "X-Xss-Protection: 1; mode=block";
more_set_headers "X-Content-Type-Options: nosniff";