ingress-nginx-helm/user-guide/nginx-configuration/configmap/index.html

<!doctype html><html lang=en class=no-js> <head><meta charset=utf-8><meta name=viewport content="width=device-width,initial-scale=1"><link href=https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/ rel=canonical><link rel="shortcut icon" href=../../../assets/images/favicon.png><meta name=generator content="mkdocs-1.1.2, mkdocs-material-6.2.4"><title>ConfigMap - NGINX Ingress Controller</title><link rel=stylesheet href=../../../assets/stylesheets/main.15aa0b43.min.css><link rel=stylesheet href=../../../assets/stylesheets/palette.75751829.min.css><meta name=theme-color content=#009485><link rel=preconnect href=https://fonts.gstatic.com crossorigin><link rel=stylesheet href="https://fonts.googleapis.com/css?family=Roboto:300,400,400i,700%7CRoboto+Mono&display=fallback"><style>body,input{font-family:"Roboto",-apple-system,BlinkMacSystemFont,Helvetica,Arial,sans-serif}code,kbd,pre{font-family:"Roboto Mono",SFMono-Regular,Consolas,Menlo,monospace}</style><link rel=stylesheet href=../../../extra.css><script>window.ga=window.ga||function(){(ga.q=ga.q||[]).push(arguments)},ga.l=+new Date,ga("create","UA-118407822-1","kubernetes.github.io"),ga("set","anonymizeIp",!0),ga("send","pageview"),document.addEventListener("DOMContentLoaded",function(){document.forms.search&&document.forms.search.query.addEventListener("blur",function(){if(this.value){var e=document.location.pathname;ga("send","pageview",e+"?q="+this.value)}})}),document.addEventListener("DOMContentSwitch",function(){ga("send","pageview",document.location.pathname)})</script><script async src=https://www.google-analytics.com/analytics.js></script></head> <body dir=ltr data-md-color-scheme data-md-color-primary=teal data-md-color-accent=green> <input class=md-toggle data-md-toggle=drawer type=checkbox id=__drawer autocomplete=off> <input class=md-toggle data-md-toggle=search type=checkbox id=__search autocomplete=off> <label class=md-overlay for=__drawer></label> <div data-md-component=skip> <a href=#configmaps class=md-skip> Skip to content </a> </div> <div data-md-component=announce> </div> <header class=md-header data-md-component=header> <nav class="md-header-nav md-grid" aria-label=Header> <a href=https://kubernetes.github.io/ingress-nginx title="NGINX Ingress Controller" class="md-header-nav__button md-logo" aria-label="NGINX Ingress Controller"> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M12 8a3 3 0 003-3 3 3 0 00-3-3 3 3 0 00-3 3 3 3 0 003 3m0 3.54C9.64 9.35 6.5 8 3 8v11c3.5 0 6.64 1.35 9 3.54 2.36-2.19 5.5-3.54 9-3.54V8c-3.5 0-6.64 1.35-9 3.54z"/></svg> </a> <label class="md-header-nav__button md-icon" for=__drawer> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M3 6h18v2H3V6m0 5h18v2H3v-2m0 5h18v2H3v-2z"/></svg> </label> <div class=md-header-nav__title data-md-component=header-title> <div class=md-header-nav__ellipsis> <div class=md-header-nav__topic> <span class=md-ellipsis> NGINX Ingress Controller </span> </div> <div class=md-header-nav__topic> <span class=md-ellipsis> ConfigMap </span> </div> </div> </div> <label class="md-header-nav__button md-icon" for=__search> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0116 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.516 6.516 0 019.5 16 6.5 6.5 0 013 9.5 6.5 6.5 0 019.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5z"/></svg> </label> <div class=md-search data-md-component=search role=dialog> <label class=md-search__overlay for=__search></label> <div class=md-search__inner role=search> <form class=md-search__form name=search> <input type=text class=md-search__input name=query aria-label=Search placeholder=Search autocapitalize=off autocorrect=off autocomplete=off spellcheck=false data-md-component=search-query data-md-state=active required> <label class="md-search__icon md-icon" for=__search> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0116 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.516 6.516 0 019.5 
  <span class=nt>map-hash-bucket-size</span><span class=p>:</span> <span class=s>&quot;128&quot;</span>
  <span class=nt>ssl-protocols</span><span class=p>:</span> <span class="l l-Scalar l-Scalar-Plain">SSLv2</span>
</code></pre></div> <div class="admonition important"> <p class=admonition-title>Important</p> <p>The key and values in a ConfigMap can only be strings. This means that we want a value with boolean values we need to quote the values, like "true" or "false". Same for numbers, like "100".</p> <p>"Slice" types (defined below as <code>[]string</code> or <code>[]int</code>) can be provided as a comma-delimited string.</p> </div> <h2 id=configuration-options>Configuration options<a class=headerlink href=#configuration-options title="Permanent link"> ¶</a></h2> <p>The following table shows a configuration option's name, type, and the default value:</p> <table> <thead> <tr> <th align=left>name</th> <th align=left>type</th> <th align=left>default</th> </tr> </thead> <tbody> <tr> <td align=left><a href=#add-headers>add-headers</a></td> <td align=left>string</td> <td align=left>""</td> </tr> <tr> <td align=left><a href=#allow-backend-server-header>allow-backend-server-header</a></td> <td align=left>bool</td> <td align=left>"false"</td> </tr> <tr> <td align=left><a href=#hide-headers>hide-headers</a></td> <td align=left>string array</td> <td align=left>empty</td> </tr> <tr> <td align=left><a href=#access-log-params>access-log-params</a></td> <td align=left>string</td> <td align=left>""</td> </tr> <tr> <td align=left><a href=#access-log-path>access-log-path</a></td> <td align=left>string</td> <td align=left>"/var/log/nginx/access.log"</td> </tr> <tr> <td align=left><a href=#http-access-log-path>http-access-log-path</a></td> <td align=left>string</td> <td align=left>""</td> </tr> <tr> <td align=left><a href=#stream-access-log-path>stream-access-log-path</a></td> <td align=left>string</td> <td align=left>""</td> </tr> <tr> <td align=left><a href=#enable-access-log-for-default-backend>enable-access-log-for-default-backend</a></td> <td align=left>bool</td> <td align=left>"false"</td> </tr> <tr> <td align=left><a href=#error-log-path>error-log-path</a></td> <td align=left>string</td> <td align=left>"/var/log/nginx/error.log"</td> </tr> <tr> <td align=left><a href=#enable-modsecurity>enable-modsecurity</a></td> <td align=left>bool</td> <td align=left>"false"</td> </tr> <tr> <td align=left><a href=#modsecurity-snippet>modsecurity-snippet</a></td> <td align=left>string</td> <td align=left>""</td> </tr> <tr> <td align=left><a href=#enable-owasp-modsecurity-crs>enable-owasp-modsecurity-crs</a></td> <td align=left>bool</td> <td align=left>"false"</td> </tr> <tr> <td align=left><a href=#client-header-buffer-size>client-header-buffer-size</a></td> <td align=left>string</td> <td align=left>"1k"</td> </tr> <tr> <td align=left><a href=#client-header-timeout>client-header-timeout</a></td> <td align=left>int</td> <td align=left>60</td> </tr> <tr> <td align=left><a href=#client-body-buffer-size>client-body-buffer-size</a></td> <td align=left>string</td> <td align=left>"8k"</td> </tr> <tr> <td align=left><a href=#client-body-timeout>client-body-timeout</a></td> <td align=left>int</td> <td align=left>60</td> </tr> <tr> <td align=left><a href=#disable-access-log>disable-access-log</a></td> <td align=left>bool</td> <td align=left>false</td> </tr> <tr> <td align=left><a href=#disable-ipv6>disable-ipv6</a></td> <td align=left>bool</td> <td align=left>false</td> </tr> <tr> <td align=left><a href=#disable-ipv6-dns>disable-ipv6-dns</a></td> <td align=left>bool</td> <td align=left>false</td> </tr> <tr> <td align=left><a href=#enable-underscores-in-headers>enable-underscores-in-headers</a></td> <td align=left>bool</td> <td align=left>false</td> </tr> <tr> <td align=left><a href=#enable-ocsp>enable-ocsp</a></td> <td align=left>bool</td> <td align=left>false</td> </tr> <tr> <td align=left><a href=#ignore-invalid-headers>ignore-invalid-headers</a></td> <td align=left>bool</td> <td align=left>true</td> </tr> <tr> <td align=left><a href=#retry-non-idempotent>retry-non-idempotent</a></td> <td align=left>bool</td> <td align=left>"false"</td> </tr> <tr> <td align=left><a href=#error-log-level>error-log-level</a></td> <td align=left>string</td> <td align=left>"notice"</
  <span class=nt>&quot;remote_user&quot;</span><span class=p>:</span> <span class=s2>&quot;$remote_user&quot;</span><span class=p>,</span> <span class=nt>&quot;bytes_sent&quot;</span><span class=p>:</span> <span class=err>$by</span><span class=kc>tes</span><span class=err>_se</span><span class=kc>nt</span><span class=p>,</span> <span class=nt>&quot;request_time&quot;</span><span class=p>:</span> <span class=err>$reques</span><span class=kc>t</span><span class=err>_</span><span class=kc>t</span><span class=err>ime</span><span class=p>,</span> <span class=nt>&quot;status&quot;</span><span class=p>:</span> <span class=err>$s</span><span class=kc>tatus</span><span class=p>,</span> <span class=nt>&quot;vhost&quot;</span><span class=p>:</span> <span class=s2>&quot;$host&quot;</span><span class=p>,</span> <span class=nt>&quot;request_proto&quot;</span><span class=p>:</span> <span class=s2>&quot;$server_protocol&quot;</span><span class=p>,</span>
  <span class=nt>&quot;path&quot;</span><span class=p>:</span> <span class=s2>&quot;$uri&quot;</span><span class=p>,</span> <span class=nt>&quot;request_query&quot;</span><span class=p>:</span> <span class=s2>&quot;$args&quot;</span><span class=p>,</span> <span class=nt>&quot;request_length&quot;</span><span class=p>:</span> <span class=err>$reques</span><span class=kc>t</span><span class=err>_le</span><span class=kc>n</span><span class=err>g</span><span class=kc>t</span><span class=err>h</span><span class=p>,</span> <span class=nt>&quot;duration&quot;</span><span class=p>:</span> <span class=err>$reques</span><span class=kc>t</span><span class=err>_</span><span class=kc>t</span><span class=err>ime</span><span class=p>,</span><span class=nt>&quot;method&quot;</span><span class=p>:</span> <span class=s2>&quot;$request_method&quot;</span><span class=p>,</span> <span class=nt>&quot;http_referrer&quot;</span><span class=p>:</span> <span class=s2>&quot;$http_referer&quot;</span><span class=p>,</span>
  <span class=nt>&quot;http_user_agent&quot;</span><span class=p>:</span> <span class=s2>&quot;$http_user_agent&quot;</span> <span class=p>}</span><span class=err>&#39;</span>
</code></pre></div> <p>Please check the <a href=../log-format/ >log-format</a> for definition of each field.</p> <h2 id=log-format-stream>log-format-stream<a class=headerlink href=#log-format-stream title="Permanent link"> ¶</a></h2> <p>Sets the nginx <a href=https://nginx.org/en/docs/stream/ngx_stream_log_module.html#log_format>stream format</a>.</p> <h2 id=enable-multi-accept>enable-multi-accept<a class=headerlink href=#enable-multi-accept title="Permanent link"> ¶</a></h2> <p>If disabled, a worker process will accept one new connection at a time. Otherwise, a worker process will accept all new connections at a time. <em><strong>default:</strong></em> true</p> <p><em>References:</em> <a href=http://nginx.org/en/docs/ngx_core_module.html#multi_accept>http://nginx.org/en/docs/ngx_core_module.html#multi_accept</a></p> <h2 id=max-worker-connections>max-worker-connections<a class=headerlink href=#max-worker-connections title="Permanent link"> ¶</a></h2> <p>Sets the <a href=http://nginx.org/en/docs/ngx_core_module.html#worker_connections>maximum number of simultaneous connections</a> that can be opened by each worker process. 0 will use the value of <a href=#max-worker-open-files>max-worker-open-files</a>. <em><strong>default:</strong></em> 16384</p> <div class="admonition tip"> <p class=admonition-title>Tip</p> <p>Using 0 in scenarios of high load improves performance at the cost of increasing RAM utilization (even on idle).</p> </div> <h2 id=max-worker-open-files>max-worker-open-files<a class=headerlink href=#max-worker-open-files title="Permanent link"> ¶</a></h2> <p>Sets the <a href=http://nginx.org/en/docs/ngx_core_module.html#worker_rlimit_nofile>maximum number of files</a> that can be opened by each worker process. The default of 0 means "max open files (system's limit) / <a href=#worker-processes>worker-processes</a> - 1024". <em><strong>default:</strong></em> 0</p> <h2 id=map-hash-bucket-size>map-hash-bucket-size<a class=headerlink href=#map-hash-bucket-size title="Permanent link"> ¶</a></h2> <p>Sets the bucket size for the <a href=http://nginx.org/en/docs/http/ngx_http_map_module.html#map_hash_bucket_size>map variables hash tables</a>. The details of setting up hash tables are provided in a separate <a href=http://nginx.org/en/docs/hash.html>document</a>.</p> <h2 id=proxy-real-ip-cidr>proxy-real-ip-cidr<a class=headerlink href=#proxy-real-ip-cidr title="Permanent link"> ¶</a></h2> <p>If <code>use-forwarded-headers</code> or <code>use-proxy-protocol</code> is enabled, <code>proxy-real-ip-cidr</code> defines the default IP/network address of your external load balancer. Can be a comma-separated list of CIDR blocks. <em><strong>default:</strong></em> "0.0.0.0/0"</p> <h2 id=proxy-set-headers>proxy-set-headers<a class=headerlink href=#proxy-set-headers title="Permanent link"> ¶</a></h2> <p>Sets custom headers from named configmap before sending traffic to backends. The value format is namespace/name. See <a href=https://github.com/kubernetes/ingress-nginx/tree/main/docs/examples/customization/custom-headers>example</a></p> <h2 id=server-name-hash-max-size>server-name-hash-max-size<a class=headerlink href=#server-name-hash-max-size title="Permanent link"> ¶</a></h2> <p>Sets the maximum size of the <a href=http://nginx.org/en/docs/http/ngx_http_core_module.html#server_names_hash_max_size>server names hash tables</a> used in server names,map directive’s values, MIME types, names of request header strings, etc.</p> <p><em>References:</em> <a href=http://nginx.org/en/docs/hash.html>http://nginx.org/en/docs/hash.html</a></p> <h2 id=server-name-hash-bucket-size>server-name-hash-bucket-size<a class=headerlink href=#server-name-hash-bucket-size title="Permanent link"> ¶</a></h2> <p>Sets the size of the bucket for the server names hash tables.</p> <p><em>References:</em></p> <ul> <li><a href=http://nginx.org/en/docs/hash.html>http://nginx.org/en/docs/hash.html</a></li> <li><a href=http://nginx.org/en/docs/http/ngx_http_core_module.html#server_names_hash_bucket_size>http://nginx.org/en/docs/http/ngx_http_core_module.ht
</code></pre></div> <p>For example following will set default <code>certificate_data</code> dictionary to <code>100M</code> and will introduce a new dictionary called <code>my_custom_plugin</code>:</p> <div class=highlight><pre><span></span><code>lua-shared-dicts: &quot;certificate_data: 100, my_custom_plugin: 5&quot;
</code></pre></div> <p>You can optionally set a size unit to allow for kilobyte-granularity. Allowed units are 'm' or 'k' (case-insensitive), and it defaults to MB if no unit is provided. Here is a similar example, but the <code>my_custom_plugin</code> dict is only 512KB.</p> <div class=highlight><pre><span></span><code>lua-shared-dicts: &quot;certificate_data: 100, my_custom_plugin: 512k&quot;
</code></pre></div> <p><em>References:</em> <a href=http://nginx.org/en/docs/http/ngx_http_core_module.html#limit_rate_after>http://nginx.org/en/docs/http/ngx_http_core_module.html#limit_rate_after</a></p> <h2 id=http-redirect-code>http-redirect-code<a class=headerlink href=#http-redirect-code title="Permanent link"> ¶</a></h2> <p>Sets the HTTP status code to be used in redirects. Supported codes are <a href=https://developer.mozilla.org/docs/Web/HTTP/Status/301>301</a>,<a href=https://developer.mozilla.org/docs/Web/HTTP/Status/302>302</a>,<a href=https://developer.mozilla.org/docs/Web/HTTP/Status/307>307</a> and <a href=https://developer.mozilla.org/docs/Web/HTTP/Status/308>308</a> <em><strong>default:</strong></em> 308</p> <blockquote> <p><strong>Why the default code is 308?</strong></p> <p><a href=https://tools.ietf.org/html/rfc7238>RFC 7238</a> was created to define the 308 (Permanent Redirect) status code that is similar to 301 (Moved Permanently) but it keeps the payload in the redirect. This is important if we send a redirect in methods like POST.</p> </blockquote> <h2 id=proxy-buffering>proxy-buffering<a class=headerlink href=#proxy-buffering title="Permanent link"> ¶</a></h2> <p>Enables or disables <a href=http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_buffering>buffering of responses from the proxied server</a>.</p> <h2 id=limit-req-status-code>limit-req-status-code<a class=headerlink href=#limit-req-status-code title="Permanent link"> ¶</a></h2> <p>Sets the <a href=http://nginx.org/en/docs/http/ngx_http_limit_req_module.html#limit_req_status>status code to return in response to rejected requests</a>. <em><strong>default:</strong></em> 503</p> <h2 id=limit-conn-status-code>limit-conn-status-code<a class=headerlink href=#limit-conn-status-code title="Permanent link"> ¶</a></h2> <p>Sets the <a href=http://nginx.org/en/docs/http/ngx_http_limit_conn_module.html#limit_conn_status>status code to return in response to rejected connections</a>. <em><strong>default:</strong></em> 503</p> <h2 id=no-tls-redirect-locations>no-tls-redirect-locations<a class=headerlink href=#no-tls-redirect-locations title="Permanent link"> ¶</a></h2> <p>A comma-separated list of locations on which http requests will never get redirected to their https counterpart. <em><strong>default:</strong></em> "/.well-known/acme-challenge"</p> <h2 id=global-auth-url>global-auth-url<a class=headerlink href=#global-auth-url title="Permanent link"> ¶</a></h2> <p>A url to an existing service that provides authentication for all the locations. Similar to the Ingress rule annotation <code>nginx.ingress.kubernetes.io/auth-url</code>. Locations that should not get authenticated can be listed using <code>no-auth-locations</code> See <a href=#no-auth-locations>no-auth-locations</a>. In addition, each service can be excluded from authentication via annotation <code>enable-global-auth</code> set to "false". <em><strong>default:</strong></em> ""</p> <p><em>References:</em> <a href=https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md#external-authentication>https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md#external-authentication</a></p> <h2 id=global-auth-method>global-auth-method<a class=headerlink href=#global-auth-method title="Permanent link"> ¶</a></h2> <p>A HTTP method to use for an existing service that provides authentication for all the locations. Similar to the Ingress rule annotation <code>nginx.ingress.kubernetes.io/auth-method</code>. <em><strong>default:</strong></em> ""</p> <h2 id=global-auth-signin>global-auth-signin<a class=headerlink href=#global-auth-signin title="Permanent link"> ¶</a></h2> <p>Sets the location of the error page for an existing service that provides authentication for all the locations. Similar to the Ingress rule annotation <code>nginx.ingress.kubernetes.io/auth-signin</code>. <em><strong>default:</strong></em> ""</p> <h2 id=global-auth-signin-redirect-param>global-auth-signin-redirect-param<a clas
        app = initialize({
          base: "../../..",
          features: ['navigation.tabs', 'navigation.tabs.sticky', 'navigation.instant', 'navigation.sections'],
          search: Object.assign({
            worker: "../../../assets/javascripts/worker/search.8c7e0a7e.min.js"
          }, typeof search !== "undefined" && search)
        })
      </script> </body> </html>