From 6c8792d80a9309d36f10ee5590e51ccf84e67d51 Mon Sep 17 00:00:00 2001 From: Peter Sutherland Date: Sun, 15 Jan 2017 22:12:02 +0000 Subject: [PATCH 1/3] Add whitelist-source-range to config map docs --- controllers/nginx/configuration.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/controllers/nginx/configuration.md b/controllers/nginx/configuration.md index 9dd2121cda..fc79f29f5b 100644 --- a/controllers/nginx/configuration.md +++ b/controllers/nginx/configuration.md @@ -318,6 +318,9 @@ The default mime type list to compress is: `application/atom+xml application/jav **use-proxy-protocol:** Enables or disables the [PROXY protocol](https://www.nginx.com/resources/admin-guide/proxy-protocol/) to receive client connection (real IP address) information passed through proxy servers and load balancers such as HAProxy and Amazon Elastic Load Balancer (ELB). +**whitelist-source-range:** Sets the default whitelisted IPs for each `server` block. This can be overwritten by an annotation on an Ingress rule. See [ngx_http_access_module](http://nginx.org/en/docs/http/ngx_http_access_module.html). + + **worker-processes:** Sets the number of [worker processes](http://nginx.org/en/docs/ngx_core_module.html#worker_processes). The default of "auto" means number of available CPU cores. @@ -355,6 +358,7 @@ The following table shows the options, the default value and a description. |use-gzip|"true"| |use-http2|"true"| |vts-status-zone-size|10m| +|whitelist-source-range|permit all| |worker-processes|number of CPUs| From e665072eaa2af13f566ebe44b50ac2864fe341c3 Mon Sep 17 00:00:00 2001 From: Peter Sutherland Date: Sun, 15 Jan 2017 22:56:44 +0000 Subject: [PATCH 2/3] Document more parameters and list defaults --- controllers/nginx/configuration.md | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/controllers/nginx/configuration.md b/controllers/nginx/configuration.md index fc79f29f5b..dec787ba7f 100644 --- a/controllers/nginx/configuration.md 
+++ b/controllers/nginx/configuration.md @@ -188,9 +188,15 @@ Setting at least one code also enables [proxy_intercept_errors](http://nginx.org Example usage: `custom-http-errors: 404,415` +**enable-dynamic-tls-records:** Enables dynamically sized TLS records to improve time-to-first-byte. Enabled by default. See [CloudFlare's blog](https://blog.cloudflare.com/optimizing-tls-over-tcp-to-reduce-latency) for more information. + + **enable-sticky-sessions:** Enables sticky sessions using cookies. This is provided by [nginx-sticky-module-ng](https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng) module. +**enable-spdy:** Enables the SPDY protocol. + + **enable-vts-status:** Allows the replacement of the default status page with a third party module named [nginx-module-vts](https://github.com/vozlt/nginx-module-vts). @@ -248,6 +254,8 @@ http://nginx.org/en/docs/http/ngx_http_core_module.html#server_names_hash_bucket http://nginx.org/en/docs/hash.html +**server-tokens:** Send NGINX Server header in responses and display NGINX version in error pages. Enabled by default. + **map-hash-bucket-size:** Sets the bucket size for the [map variables hash tables](http://nginx.org/en/docs/http/ngx_http_map_module.html#map_hash_bucket_size). The details of setting up hash tables are provided in a separate [document](http://nginx.org/en/docs/hash.html). @@ -332,14 +340,17 @@ The following table shows the options, the default value and a description. |---------------------------|------| |body-size|1m| |custom-http-errors|" "| +|enable-dynamic-tls-records|"true"| +|enable-spdy|"true"| |enable-sticky-sessions|"false"| |enable-vts-status|"false"| |error-log-level|notice| -|gzip-types|| +|gzip-types|see use-gzip description above| |hsts|"true"| |hsts-include-subdomains|"true"| |hsts-max-age|"15724800"| |keep-alive|"75"| +|map-hash-bucket-size|"64"| |max-worker-connections|"16384"| |proxy-connect-timeout|"5"| |proxy-read-timeout|"60"| 
@@ -348,8 +359,10 @@ The following table shows the options, the default value and a description. |retry-non-idempotent|"false"| |server-name-hash-bucket-size|"64"| |server-name-hash-max-size|"512"| +|server-tokens|"true"| |ssl-buffer-size|4k| |ssl-ciphers|| +|ssl-dh-param|value from openssl| |ssl-protocols|TLSv1 TLSv1.1 TLSv1.2| |ssl-session-cache|"true"| |ssl-session-cache-size|10m| From 8fae080cce679ca88c083b437ec89b4eec5fe4c5 Mon Sep 17 00:00:00 2001 From: Peter Sutherland Date: Mon, 23 Jan 2017 14:50:52 +0000 Subject: [PATCH 3/3] Remove SPDY documentation as it is broken --- controllers/nginx/configuration.md | 4 ---- 1 file changed, 4 deletions(-) diff --git a/controllers/nginx/configuration.md b/controllers/nginx/configuration.md index dec787ba7f..776644b6fe 100644 --- a/controllers/nginx/configuration.md +++ b/controllers/nginx/configuration.md @@ -194,9 +194,6 @@ Example usage: `custom-http-errors: 404,415` **enable-sticky-sessions:** Enables sticky sessions using cookies. This is provided by [nginx-sticky-module-ng](https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng) module. -**enable-spdy:** Enables the SPDY protocol. - - **enable-vts-status:** Allows the replacement of the default status page with a third party module named [nginx-module-vts](https://github.com/vozlt/nginx-module-vts). @@ -341,7 +338,6 @@ The following table shows the options, the default value and a description. |body-size|1m| |custom-http-errors|" "| |enable-dynamic-tls-records|"true"| -|enable-spdy|"true"| |enable-sticky-sessions|"false"| |enable-vts-status|"false"| |error-log-level|notice|
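Review bot: In [PATCH 1/3], the new `whitelist-source-range` paragraph (hunk `@@ -318,6 +318,9 @@`) does not say what form the value takes or which address it is compared against. Suggest adding an "Example usage:" line in the style of the `custom-http-errors` entry, and a sentence noting that behind a proxy or load balancer the restriction is only meaningful when the real client address is available, which the `use-proxy-protocol` entry directly above it describes. "This can be overwritten by an annotation" would also read more accurately as "overridden".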
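Review bot: In [PATCH 1/3], the table row `|whitelist-source-range|permit all|` (hunk `@@ -355,6 +358,7 @@`) records a behaviour rather than a value, while the neighbouring rows (`|use-gzip|"true"|`, `|vts-status-zone-size|10m|`) give the literal setting. A reader cannot tell from it what to write in the ConfigMap to return to the default. Suggest putting the literal default in the table and moving "permits all sources when unset" into the paragraph added in the first hunk.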
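Review bot: In [PATCH 2/3], the `enable-spdy` paragraph added in hunk `@@ -188,9 +188,15 @@` and its table row `|enable-spdy|"true"|` in hunk `@@ -332,14 +340,17 @@` are both deleted again by [PATCH 3/3]. Suggest dropping them from 2/3 and folding 3/3 away, so the series never passes through a state that documents an option described one commit later as broken.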
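Review bot: In [PATCH 2/3], the `server-tokens` paragraph (hunk `@@ -248,6 +254,8 @@`) documents a default that discloses the NGINX version in the `Server` header and error pages, but does not tell the reader how to turn it off. Suggest adding that setting it to "false" suppresses the version, since this is the setting operators look for when hardening. Two smaller points in the same hunk: "Send ... and display" should be "Sends ... and displays" to match the other entries ("Enables", "Sets"), and the entry lands between `server-name-hash-bucket-size` and `map-hash-bucket-size` with a single blank line after it, where the other additions in this series use two.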
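Review bot: In [PATCH 2/3], the row `|ssl-dh-param|value from openssl|` (hunk `@@ -348,8 +359,10 @@`) is too vague to act on: it does not say whether the option expects a file, a secret name or inline parameters, nor what "from openssl" refers to. Suggest either a short `ssl-dh-param` paragraph in the options section or a pointer in the table like the one this patch gives `gzip-types`. The `|ssl-ciphers||` row directly above it is still empty, which is at odds with the commit subject "list defaults"; the same kind of pointer would do there.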
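Review bot: In [PATCH 3/3], the subject "Remove SPDY documentation as it is broken" does not make clear whether "it" is the documentation or the SPDY option itself, and both hunks (`@@ -194,9 +194,6 @@` and `@@ -341,7 +338,6 @@`) only delete text. If the controller still accepts `enable-spdy`, removing the paragraph and the `|enable-spdy|"true"|` row leaves an undocumented option whose default, per 2/3, is on. Suggest stating in the commit message what is broken, and if the option remains, keeping a one-line entry that marks it as non-functional rather than removing it silently.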