How to remove the server header from Kubernetes deployed applications
I am asking this question in the style of question then answer.
If you create your Ingress objects for Helm charts or regular "kubectl apply" deployments, after deployment to your cluster, you might see the server header in your responses. This is regarded as a security concern. It should not be present.
You might not have control of your cluster or Ingress Controllers. How can you remove the header in question?
Similar Questions
2 Answers
You can do this for the whole nginx ingress controller in the settings ConfigMap:
server-tokens: "false"
You might not have control of your cluster or Ingress Controllers, but you do have control of your Ingress manifests.
In each of your Ingress manifest files (maybe inside your Helm charts) you can update your Ingress definition(s).
apiVersion: networking.k8s.io/v1beta1 # for versions before 1.14 use extensions/v1beta1
kind: Ingress
metadata:
name: {{ .Release.Name}}-{{ .Values.baseName }}-ingress-spa
namespace: {{ .Values.global.config.namespace }}
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/ssl-redirect: "false"
nginx.ingress.kubernetes.io/rewrite-target: /$2
nginx.ingress.kubernetes.io/configuration-snippet: |
more_clear_headers "Server";
spec:
tls:
- hosts:The key part is:
nginx.ingress.kubernetes.io/configuration-snippet: |
more_clear_headers "Server";This instructs nginx to clear the server header. After redeploying your application you should now see:
And voila, the server header is gone.