DevFW-CICD/ingress-nginx-helm
14
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

chore: fix booleans to all have quotes around their values

Browse source 
Signed-off-by: Yoofi Quansah <ybquansah@gmail.com>
This commit is contained in:
Yoofi Quansah 2024-06-18 11:14:12 -05:00
parent e084ad0a5e
commit 7d91e4d9ed
1 changed files with 251 additions and 251 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

502
docs/user-guide/nginx-configuration/configmap.md
View file

@ -15,9 +15,9 @@ data:
```
!!! important
The key and values in a ConfigMap can only be strings.
This means that we want a value with boolean values we need to quote the values, like "true" or "false".
Same for numbers, like "100".
The key and values in a ConfigMap can only be strings.
This means that we want a value with boolean values we need to quote the values, like "true" or "false".
Same for numbers, like "100".
"Slice" types (defined below as `[]string` or `[]int`) can be provided as a comma-delimited string.
@ -25,211 +25,211 @@ data:
The following table shows a configuration option's name, type, and the default value:
|name| type | default |notes|
|:---|:-------------|:-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:----|
|[add-headers](#add-headers)| string | "" ||
|[allow-backend-server-header](#allow-backend-server-header)| bool | "false" ||
|[allow-cross-namespace-resources](#allow-cross-namespace-resources)| bool | "true" ||
|[allow-snippet-annotations](#allow-snippet-annotations)| bool | false ||
|[annotations-risk-level](#annotations-risk-level)| string | Critical ||
|[annotation-value-word-blocklist](#annotation-value-word-blocklist)| string array | "" ||
|[hide-headers](#hide-headers)| string array | empty ||
|[access-log-params](#access-log-params)| string | "" ||
|[access-log-path](#access-log-path)| string | "/var/log/nginx/access.log" ||
|[http-access-log-path](#http-access-log-path)| string | "" ||
|[stream-access-log-path](#stream-access-log-path)| string | "" ||
|[enable-access-log-for-default-backend](#enable-access-log-for-default-backend)| bool | "false" ||
|[error-log-path](#error-log-path)| string | "/var/log/nginx/error.log" ||
|[enable-modsecurity](#enable-modsecurity)| bool | "false" ||
|[modsecurity-snippet](#modsecurity-snippet)| string | "" ||
|[enable-owasp-modsecurity-crs](#enable-owasp-modsecurity-crs)| bool | "false" ||
|[client-header-buffer-size](#client-header-buffer-size)| string | "1k" ||
|[client-header-timeout](#client-header-timeout)| int | 60 ||
|[client-body-buffer-size](#client-body-buffer-size)| string | "8k" ||
|[client-body-timeout](#client-body-timeout)| int | 60 ||
|[disable-access-log](#disable-access-log)| bool | false ||
|[disable-ipv6](#disable-ipv6)| bool | false ||
|[disable-ipv6-dns](#disable-ipv6-dns)| bool | false ||
|[enable-underscores-in-headers](#enable-underscores-in-headers)| bool | false ||
|[enable-ocsp](#enable-ocsp)| bool | false ||
|[ignore-invalid-headers](#ignore-invalid-headers)| bool | true ||
|[retry-non-idempotent](#retry-non-idempotent)| bool | "false" ||
|[error-log-level](#error-log-level)| string | "notice" ||
|[http2-max-field-size](#http2-max-field-size)| string | "" |DEPRECATED in favour of [large_client_header_buffers](#large-client-header-buffers)|
|[http2-max-header-size](#http2-max-header-size)| string | "" |DEPRECATED in favour of [large_client_header_buffers](#large-client-header-buffers)|
|[http2-max-requests](#http2-max-requests)| int | 0 |DEPRECATED in favour of [keepalive_requests](#keepalive-requests)|
|[http2-max-concurrent-streams](#http2-max-concurrent-streams)| int | 128 ||
|[hsts](#hsts)| bool | "true" ||
|[hsts-include-subdomains](#hsts-include-subdomains)| bool | "true" ||
|[hsts-max-age](#hsts-max-age)| string | "31536000" ||
|[hsts-preload](#hsts-preload)| bool | "false" ||
|[keep-alive](#keep-alive)| int | 75 ||
|[keep-alive-requests](#keep-alive-requests)| int | 1000 ||
|[large-client-header-buffers](#large-client-header-buffers)| string | "4 8k" ||
|[log-format-escape-none](#log-format-escape-none)| bool | "false" ||
|[log-format-escape-json](#log-format-escape-json)| bool | "false" ||
|[log-format-upstream](#log-format-upstream)| string | `$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $request_length $request_time [$proxy_upstream_name] [$proxy_alternative_upstream_name] $upstream_addr $upstream_response_length $upstream_response_time $upstream_status $req_id` ||
|[log-format-stream](#log-format-stream)| string | `[$remote_addr] [$time_local] $protocol $status $bytes_sent $bytes_received $session_time` ||
|[enable-multi-accept](#enable-multi-accept)| bool | "true" ||
|[max-worker-connections](#max-worker-connections)| int | 16384 ||
|[max-worker-open-files](#max-worker-open-files)| int | 0 ||
|[map-hash-bucket-size](#max-hash-bucket-size)| int | 64 ||
|[nginx-status-ipv4-whitelist](#nginx-status-ipv4-whitelist)| []string | "127.0.0.1" ||
|[nginx-status-ipv6-whitelist](#nginx-status-ipv6-whitelist)| []string | "::1" ||
|[proxy-real-ip-cidr](#proxy-real-ip-cidr)| []string | "0.0.0.0/0" ||
|[proxy-set-headers](#proxy-set-headers)| string | "" ||
|[server-name-hash-max-size](#server-name-hash-max-size)| int | 1024 ||
|[server-name-hash-bucket-size](#server-name-hash-bucket-size)| int | `<size of the processors cache line>` |
|[proxy-headers-hash-max-size](#proxy-headers-hash-max-size)| int | 512 ||
|[proxy-headers-hash-bucket-size](#proxy-headers-hash-bucket-size)| int | 64 ||
|[plugins](#plugins)| []string | ||
|[reuse-port](#reuse-port)| bool | "true" ||
|[server-tokens](#server-tokens)| bool | "false" ||
|[ssl-ciphers](#ssl-ciphers)| string | "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384" ||
|[ssl-ecdh-curve](#ssl-ecdh-curve)| string | "auto" ||
|[ssl-dh-param](#ssl-dh-param)| string | "" ||
|[ssl-protocols](#ssl-protocols)| string | "TLSv1.2 TLSv1.3" ||
|[ssl-session-cache](#ssl-session-cache)| bool | "true" ||
|[ssl-session-cache-size](#ssl-session-cache-size)| string | "10m" ||
|[ssl-session-tickets](#ssl-session-tickets)| bool | "false" ||
|[ssl-session-ticket-key](#ssl-session-ticket-key)| string | `<Randomly Generated>` |
|[ssl-session-timeout](#ssl-session-timeout)| string | "10m" ||
|[ssl-buffer-size](#ssl-buffer-size)| string | "4k" ||
|[use-proxy-protocol](#use-proxy-protocol)| bool | "false" ||
|[proxy-protocol-header-timeout](#proxy-protocol-header-timeout)| string | "5s" ||
|[enable-aio-write](#enable-aio-write)| bool | "true" ||
|[use-gzip](#use-gzip)| bool | "false" ||
|[use-geoip](#use-geoip)| bool | "true" ||
|[use-geoip2](#use-geoip2)| bool | "false" ||
|[geoip2-autoreload-in-minutes](#geoip2-autoreload-in-minutes)| int | "0" ||
|[enable-brotli](#enable-brotli)| bool | "false" ||
|[brotli-level](#brotli-level)| int | 4 ||
|[brotli-min-length](#brotli-min-length)| int | 20 ||
|[brotli-types](#brotli-types)| string | "application/xml+rss application/atom+xml application/javascript application/x-javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/svg+xml image/x-icon text/css text/javascript text/plain text/x-component" ||
|[use-http2](#use-http2)| bool | "true" ||
|[gzip-disable](#gzip-disable)| string | "" ||
|[gzip-level](#gzip-level)| int | 1 ||
|[gzip-min-length](#gzip-min-length)| int | 256 ||
|[gzip-types](#gzip-types)| string | "application/atom+xml application/javascript application/x-javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/svg+xml image/x-icon text/css text/javascript text/plain text/x-component" ||
|[worker-processes](#worker-processes)| string | `<Number of CPUs>` ||
|[worker-cpu-affinity](#worker-cpu-affinity)| string | "" ||
|[worker-shutdown-timeout](#worker-shutdown-timeout)| string | "240s" ||
|[enable-serial-reloads](#enable-serial-reloads)|bool|"false"||
|[load-balance](#load-balance)| string | "round_robin" ||
|[variables-hash-bucket-size](#variables-hash-bucket-size)| int | 128 ||
|[variables-hash-max-size](#variables-hash-max-size)| int | 2048 ||
|[upstream-keepalive-connections](#upstream-keepalive-connections)| int | 320 ||
|[upstream-keepalive-time](#upstream-keepalive-time)| string | "1h" ||
|[upstream-keepalive-timeout](#upstream-keepalive-timeout)| int | 60 ||
|[upstream-keepalive-requests](#upstream-keepalive-requests)| int | 10000 ||
|[limit-conn-zone-variable](#limit-conn-zone-variable)| string | "$binary_remote_addr" ||
|[proxy-stream-timeout](#proxy-stream-timeout)| string | "600s" ||
|[proxy-stream-next-upstream](#proxy-stream-next-upstream)| bool | "true" ||
|[proxy-stream-next-upstream-timeout](#proxy-stream-next-upstream-timeout)| string | "600s" ||
|[proxy-stream-next-upstream-tries](#proxy-stream-next-upstream-tries)| int | 3 ||
|[proxy-stream-responses](#proxy-stream-responses)| int | 1 ||
|[bind-address](#bind-address)| []string | "" ||
|[use-forwarded-headers](#use-forwarded-headers)| bool | "false" ||
|[enable-real-ip](#enable-real-ip)| bool | "false" ||
|[forwarded-for-header](#forwarded-for-header)| string | "X-Forwarded-For" ||
|[compute-full-forwarded-for](#compute-full-forwarded-for)| bool | "false" ||
|[proxy-add-original-uri-header](#proxy-add-original-uri-header)| bool | "false" ||
|[generate-request-id](#generate-request-id)| bool | "true" ||
|[jaeger-collector-host](#jaeger-collector-host)| string | "" ||
|[jaeger-collector-port](#jaeger-collector-port)| int | 6831 ||
|[jaeger-endpoint](#jaeger-endpoint)| string | "" ||
|[jaeger-service-name](#jaeger-service-name)| string | "nginx" ||
|[jaeger-propagation-format](#jaeger-propagation-format)| string | "jaeger" ||
|[jaeger-sampler-type](#jaeger-sampler-type)| string | "const" ||
|[jaeger-sampler-param](#jaeger-sampler-param)| string | "1" ||
|[jaeger-sampler-host](#jaeger-sampler-host)| string | "http://127.0.0.1" ||
|[jaeger-sampler-port](#jaeger-sampler-port)| int | 5778 ||
|[jaeger-trace-context-header-name](#jaeger-trace-context-header-name)| string | uber-trace-id ||
|[jaeger-debug-header](#jaeger-debug-header)| string | uber-debug-id ||
|[jaeger-baggage-header](#jaeger-baggage-header)| string | jaeger-baggage ||
|[jaeger-trace-baggage-header-prefix](#jaeger-trace-baggage-header-prefix)| string | uberctx- ||
|[datadog-collector-host](#datadog-collector-host)| string | "" ||
|[datadog-collector-port](#datadog-collector-port)| int | 8126 ||
|[datadog-service-name](#datadog-service-name)| string | "nginx" ||
|[datadog-environment](#datadog-environment)| string | "prod" ||
|[datadog-operation-name-override](#datadog-operation-name-override)| string | "nginx.handle" ||
|[datadog-priority-sampling](#datadog-priority-sampling)| bool | "true" ||
|[datadog-sample-rate](#datadog-sample-rate)| float | 1.0 ||
|[enable-opentelemetry](#enable-opentelemetry)| bool | "false" ||
|[opentelemetry-trust-incoming-span](#opentelemetry-trust-incoming-span)| bool | "true" ||
|[opentelemetry-operation-name](#opentelemetry-operation-name)| string | "" ||
|[opentelemetry-config](#/etc/nginx/opentelemetry.toml)| string | "/etc/nginx/opentelemetry.toml" ||
|[otlp-collector-host](#otlp-collector-host)| string | "" ||
|[otlp-collector-port](#otlp-collector-port)| int | 4317 ||
|[otel-max-queuesize](#otel-max-queuesize)| int | ||
|[otel-schedule-delay-millis](#otel-schedule-delay-millis)| int | ||
|[otel-max-export-batch-size](#otel-max-export-batch-size)| int | ||
|[otel-service-name](#otel-service-name)| string | "nginx" ||
|[otel-sampler](#otel-sampler)| string | "AlwaysOff" ||
|[otel-sampler-parent-based](#otel-sampler-parent-based)| bool | "false" ||
|[otel-sampler-ratio](#otel-sampler-ratio)| float | 0.01 ||
|[main-snippet](#main-snippet)| string | "" ||
|[http-snippet](#http-snippet)| string | "" ||
|[server-snippet](#server-snippet)| string | "" ||
|[stream-snippet](#stream-snippet)| string | "" ||
|[location-snippet](#location-snippet)| string | "" ||
|[custom-http-errors](#custom-http-errors)| []int | []int{} ||
|[proxy-body-size](#proxy-body-size)| string | "1m" ||
|[proxy-connect-timeout](#proxy-connect-timeout)| int | 5 ||
|[proxy-read-timeout](#proxy-read-timeout)| int | 60 ||
|[proxy-send-timeout](#proxy-send-timeout)| int | 60 ||
|[proxy-buffers-number](#proxy-buffers-number)| int | 4 ||
|[proxy-buffer-size](#proxy-buffer-size)| string | "4k" ||
|[proxy-cookie-path](#proxy-cookie-path)| string | "off" ||
|[proxy-cookie-domain](#proxy-cookie-domain)| string | "off" ||
|[proxy-next-upstream](#proxy-next-upstream)| string | "error timeout" ||
|[proxy-next-upstream-timeout](#proxy-next-upstream-timeout)| int | 0 ||
|[proxy-next-upstream-tries](#proxy-next-upstream-tries)| int | 3 ||
|[proxy-redirect-from](#proxy-redirect-from)| string | "off" ||
|[proxy-request-buffering](#proxy-request-buffering)| string | "on" ||
|[ssl-redirect](#ssl-redirect)| bool | "true" ||
|[force-ssl-redirect](#force-ssl-redirect)| bool | "false" ||
|[denylist-source-range](#denylist-source-range)| []string | []string{} ||
|[whitelist-source-range](#whitelist-source-range)| []string | []string{} ||
|[skip-access-log-urls](#skip-access-log-urls)| []string | []string{} ||
|[limit-rate](#limit-rate)| int | 0 ||
|[limit-rate-after](#limit-rate-after)| int | 0 ||
|[lua-shared-dicts](#lua-shared-dicts)| string | "" ||
|[http-redirect-code](#http-redirect-code)| int | 308 ||
|[proxy-buffering](#proxy-buffering)| string | "off" ||
|[limit-req-status-code](#limit-req-status-code)| int | 503 ||
|[limit-conn-status-code](#limit-conn-status-code)| int | 503 ||
|[enable-syslog](#enable-syslog)| bool | false ||
|[syslog-host](#syslog-host)| string | "" ||
|[syslog-port](#syslog-port)| int | 514 ||
|[no-tls-redirect-locations](#no-tls-redirect-locations)| string | "/.well-known/acme-challenge" ||
|[global-allowed-response-headers](#global-allowed-response-headers)|string|""||
|[global-auth-url](#global-auth-url)| string | "" ||
|[global-auth-method](#global-auth-method)| string | "" ||
|[global-auth-signin](#global-auth-signin)| string | "" ||
|[global-auth-signin-redirect-param](#global-auth-signin-redirect-param)| string | "rd" ||
|[global-auth-response-headers](#global-auth-response-headers)| string | "" ||
|[global-auth-request-redirect](#global-auth-request-redirect)| string | "" ||
|[global-auth-snippet](#global-auth-snippet)| string | "" ||
|[global-auth-cache-key](#global-auth-cache-key)| string | "" ||
|[global-auth-cache-duration](#global-auth-cache-duration)| string | "200 202 401 5m" ||
|[no-auth-locations](#no-auth-locations)| string | "/.well-known/acme-challenge" ||
|[block-cidrs](#block-cidrs)| []string | "" ||
|[block-user-agents](#block-user-agents)| []string | "" ||
|[block-referers](#block-referers)| []string | "" ||
|[proxy-ssl-location-only](#proxy-ssl-location-only)| bool | "false" ||
|[default-type](#default-type)| string | "text/html" ||
|[global-rate-limit-memcached-host](#global-rate-limit)| string | "" ||
|[global-rate-limit-memcached-port](#global-rate-limit)| int | 11211 ||
|[global-rate-limit-memcached-connect-timeout](#global-rate-limit)| int | 50 ||
|[global-rate-limit-memcached-max-idle-timeout](#global-rate-limit)| int | 10000 ||
|[global-rate-limit-memcached-pool-size](#global-rate-limit)| int | 50 ||
|[global-rate-limit-status-code](#global-rate-limit)| int | 429 ||
|[service-upstream](#service-upstream)| bool | "false" ||
|[ssl-reject-handshake](#ssl-reject-handshake)| bool | "false" ||
|[debug-connections](#debug-connections)| []string | "127.0.0.1,1.1.1.1/24" ||
|[strict-validate-path-type](#strict-validate-path-type)| bool | "false" (v1.7.x) ||
|[grpc-buffer-size-kb](#grpc-buffer-size-kb)| int | 0 ||
| name | type | default | notes |
| :------------------------------------------------------------------------------ | :----------- | :----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :---------------------------------------------------------------------------------- |
| [add-headers](#add-headers) | string | "" | |
| [allow-backend-server-header](#allow-backend-server-header) | bool | "false" | |
| [allow-cross-namespace-resources](#allow-cross-namespace-resources) | bool | "true" | |
| [allow-snippet-annotations](#allow-snippet-annotations) | bool | "false" | |
| [annotations-risk-level](#annotations-risk-level) | string | Critical | |
| [annotation-value-word-blocklist](#annotation-value-word-blocklist) | string array | "" | |
| [hide-headers](#hide-headers) | string array | empty | |
| [access-log-params](#access-log-params) | string | "" | |
| [access-log-path](#access-log-path) | string | "/var/log/nginx/access.log" | |
| [http-access-log-path](#http-access-log-path) | string | "" | |
| [stream-access-log-path](#stream-access-log-path) | string | "" | |
| [enable-access-log-for-default-backend](#enable-access-log-for-default-backend) | bool | "false" | |
| [error-log-path](#error-log-path) | string | "/var/log/nginx/error.log" | |
| [enable-modsecurity](#enable-modsecurity) | bool | "false" | |
| [modsecurity-snippet](#modsecurity-snippet) | string | "" | |
| [enable-owasp-modsecurity-crs](#enable-owasp-modsecurity-crs) | bool | "false" | |
| [client-header-buffer-size](#client-header-buffer-size) | string | "1k" | |
| [client-header-timeout](#client-header-timeout) | int | 60 | |
| [client-body-buffer-size](#client-body-buffer-size) | string | "8k" | |
| [client-body-timeout](#client-body-timeout) | int | 60 | |
| [disable-access-log](#disable-access-log) | bool | "false" | |
| [disable-ipv6](#disable-ipv6) | bool | "false" | |
| [disable-ipv6-dns](#disable-ipv6-dns) | bool | "false" | |
| [enable-underscores-in-headers](#enable-underscores-in-headers) | bool | "false" | |
| [enable-ocsp](#enable-ocsp) | bool | "false" | |
| [ignore-invalid-headers](#ignore-invalid-headers) | bool | "true" | |
| [retry-non-idempotent](#retry-non-idempotent) | bool | "false" | |
| [error-log-level](#error-log-level) | string | "notice" | |
| [http2-max-field-size](#http2-max-field-size) | string | "" | DEPRECATED in favour of [large_client_header_buffers](#large-client-header-buffers) |
| [http2-max-header-size](#http2-max-header-size) | string | "" | DEPRECATED in favour of [large_client_header_buffers](#large-client-header-buffers) |
| [http2-max-requests](#http2-max-requests) | int | 0 | DEPRECATED in favour of [keepalive_requests](#keepalive-requests) |
| [http2-max-concurrent-streams](#http2-max-concurrent-streams) | int | 128 | |
| [hsts](#hsts) | bool | "true" | |
| [hsts-include-subdomains](#hsts-include-subdomains) | bool | "true" | |
| [hsts-max-age](#hsts-max-age) | string | "31536000" | |
| [hsts-preload](#hsts-preload) | bool | "false" | |
| [keep-alive](#keep-alive) | int | 75 | |
| [keep-alive-requests](#keep-alive-requests) | int | 1000 | |
| [large-client-header-buffers](#large-client-header-buffers) | string | "4 8k" | |
| [log-format-escape-none](#log-format-escape-none) | bool | "false" | |
| [log-format-escape-json](#log-format-escape-json) | bool | "false" | |
| [log-format-upstream](#log-format-upstream) | string | `$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $request_length $request_time [$proxy_upstream_name] [$proxy_alternative_upstream_name] $upstream_addr $upstream_response_length $upstream_response_time $upstream_status $req_id` | |
| [log-format-stream](#log-format-stream) | string | `[$remote_addr] [$time_local] $protocol $status $bytes_sent $bytes_received $session_time` | |
| [enable-multi-accept](#enable-multi-accept) | bool | "true" | |
| [max-worker-connections](#max-worker-connections) | int | 16384 | |
| [max-worker-open-files](#max-worker-open-files) | int | 0 | |
| [map-hash-bucket-size](#max-hash-bucket-size) | int | 64 | |
| [nginx-status-ipv4-whitelist](#nginx-status-ipv4-whitelist) | []string | "127.0.0.1" | |
| [nginx-status-ipv6-whitelist](#nginx-status-ipv6-whitelist) | []string | "::1" | |
| [proxy-real-ip-cidr](#proxy-real-ip-cidr) | []string | "0.0.0.0/0" | |
| [proxy-set-headers](#proxy-set-headers) | string | "" | |
| [server-name-hash-max-size](#server-name-hash-max-size) | int | 1024 | |
| [server-name-hash-bucket-size](#server-name-hash-bucket-size) | int | `<size of the processors cache line>` |
| [proxy-headers-hash-max-size](#proxy-headers-hash-max-size) | int | 512 | |
| [proxy-headers-hash-bucket-size](#proxy-headers-hash-bucket-size) | int | 64 | |
| [plugins](#plugins) | []string | | |
| [reuse-port](#reuse-port) | bool | "true" | |
| [server-tokens](#server-tokens) | bool | "false" | |
| [ssl-ciphers](#ssl-ciphers) | string | "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384" | |
| [ssl-ecdh-curve](#ssl-ecdh-curve) | string | "auto" | |
| [ssl-dh-param](#ssl-dh-param) | string | "" | |
| [ssl-protocols](#ssl-protocols) | string | "TLSv1.2 TLSv1.3" | |
| [ssl-session-cache](#ssl-session-cache) | bool | "true" | |
| [ssl-session-cache-size](#ssl-session-cache-size) | string | "10m" | |
| [ssl-session-tickets](#ssl-session-tickets) | bool | "false" | |
| [ssl-session-ticket-key](#ssl-session-ticket-key) | string | `<Randomly Generated>` |
| [ssl-session-timeout](#ssl-session-timeout) | string | "10m" | |
| [ssl-buffer-size](#ssl-buffer-size) | string | "4k" | |
| [use-proxy-protocol](#use-proxy-protocol) | bool | "false" | |
| [proxy-protocol-header-timeout](#proxy-protocol-header-timeout) | string | "5s" | |
| [enable-aio-write](#enable-aio-write) | bool | "true" | |
| [use-gzip](#use-gzip) | bool | "false" | |
| [use-geoip](#use-geoip) | bool | "true" | |
| [use-geoip2](#use-geoip2) | bool | "false" | |
| [geoip2-autoreload-in-minutes](#geoip2-autoreload-in-minutes) | int | "0" | |
| [enable-brotli](#enable-brotli) | bool | "false" | |
| [brotli-level](#brotli-level) | int | 4 | |
| [brotli-min-length](#brotli-min-length) | int | 20 | |
| [brotli-types](#brotli-types) | string | "application/xml+rss application/atom+xml application/javascript application/x-javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/svg+xml image/x-icon text/css text/javascript text/plain text/x-component" | |
| [use-http2](#use-http2) | bool | "true" | |
| [gzip-disable](#gzip-disable) | string | "" | |
| [gzip-level](#gzip-level) | int | 1 | |
| [gzip-min-length](#gzip-min-length) | int | 256 | |
| [gzip-types](#gzip-types) | string | "application/atom+xml application/javascript application/x-javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/svg+xml image/x-icon text/css text/javascript text/plain text/x-component" | |
| [worker-processes](#worker-processes) | string | `<Number of CPUs>` | |
| [worker-cpu-affinity](#worker-cpu-affinity) | string | "" | |
| [worker-shutdown-timeout](#worker-shutdown-timeout) | string | "240s" | |
| [enable-serial-reloads](#enable-serial-reloads) | bool | "false" | |
| [load-balance](#load-balance) | string | "round_robin" | |
| [variables-hash-bucket-size](#variables-hash-bucket-size) | int | 128 | |
| [variables-hash-max-size](#variables-hash-max-size) | int | 2048 | |
| [upstream-keepalive-connections](#upstream-keepalive-connections) | int | 320 | |
| [upstream-keepalive-time](#upstream-keepalive-time) | string | "1h" | |
| [upstream-keepalive-timeout](#upstream-keepalive-timeout) | int | 60 | |
| [upstream-keepalive-requests](#upstream-keepalive-requests) | int | 10000 | |
| [limit-conn-zone-variable](#limit-conn-zone-variable) | string | "$binary_remote_addr" | |
| [proxy-stream-timeout](#proxy-stream-timeout) | string | "600s" | |
| [proxy-stream-next-upstream](#proxy-stream-next-upstream) | bool | "true" | |
| [proxy-stream-next-upstream-timeout](#proxy-stream-next-upstream-timeout) | string | "600s" | |
| [proxy-stream-next-upstream-tries](#proxy-stream-next-upstream-tries) | int | 3 | |
| [proxy-stream-responses](#proxy-stream-responses) | int | 1 | |
| [bind-address](#bind-address) | []string | "" | |
| [use-forwarded-headers](#use-forwarded-headers) | bool | "false" | |
| [enable-real-ip](#enable-real-ip) | bool | "false" | |
| [forwarded-for-header](#forwarded-for-header) | string | "X-Forwarded-For" | |
| [compute-full-forwarded-for](#compute-full-forwarded-for) | bool | "false" | |
| [proxy-add-original-uri-header](#proxy-add-original-uri-header) | bool | "false" | |
| [generate-request-id](#generate-request-id) | bool | "true" | |
| [jaeger-collector-host](#jaeger-collector-host) | string | "" | |
| [jaeger-collector-port](#jaeger-collector-port) | int | 6831 | |
| [jaeger-endpoint](#jaeger-endpoint) | string | "" | |
| [jaeger-service-name](#jaeger-service-name) | string | "nginx" | |
| [jaeger-propagation-format](#jaeger-propagation-format) | string | "jaeger" | |
| [jaeger-sampler-type](#jaeger-sampler-type) | string | "const" | |
| [jaeger-sampler-param](#jaeger-sampler-param) | string | "1" | |
| [jaeger-sampler-host](#jaeger-sampler-host) | string | "http://127.0.0.1" | |
| [jaeger-sampler-port](#jaeger-sampler-port) | int | 5778 | |
| [jaeger-trace-context-header-name](#jaeger-trace-context-header-name) | string | uber-trace-id | |
| [jaeger-debug-header](#jaeger-debug-header) | string | uber-debug-id | |
| [jaeger-baggage-header](#jaeger-baggage-header) | string | jaeger-baggage | |
| [jaeger-trace-baggage-header-prefix](#jaeger-trace-baggage-header-prefix) | string | uberctx- | |
| [datadog-collector-host](#datadog-collector-host) | string | "" | |
| [datadog-collector-port](#datadog-collector-port) | int | 8126 | |
| [datadog-service-name](#datadog-service-name) | string | "nginx" | |
| [datadog-environment](#datadog-environment) | string | "prod" | |
| [datadog-operation-name-override](#datadog-operation-name-override) | string | "nginx.handle" | |
| [datadog-priority-sampling](#datadog-priority-sampling) | bool | "true" | |
| [datadog-sample-rate](#datadog-sample-rate) | float | 1.0 | |
| [enable-opentelemetry](#enable-opentelemetry) | bool | "false" | |
| [opentelemetry-trust-incoming-span](#opentelemetry-trust-incoming-span) | bool | "true" | |
| [opentelemetry-operation-name](#opentelemetry-operation-name) | string | "" | |
| [opentelemetry-config](#/etc/nginx/opentelemetry.toml) | string | "/etc/nginx/opentelemetry.toml" | |
| [otlp-collector-host](#otlp-collector-host) | string | "" | |
| [otlp-collector-port](#otlp-collector-port) | int | 4317 | |
| [otel-max-queuesize](#otel-max-queuesize) | int | | |
| [otel-schedule-delay-millis](#otel-schedule-delay-millis) | int | | |
| [otel-max-export-batch-size](#otel-max-export-batch-size) | int | | |
| [otel-service-name](#otel-service-name) | string | "nginx" | |
| [otel-sampler](#otel-sampler) | string | "AlwaysOff" | |
| [otel-sampler-parent-based](#otel-sampler-parent-based) | bool | "false" | |
| [otel-sampler-ratio](#otel-sampler-ratio) | float | 0.01 | |
| [main-snippet](#main-snippet) | string | "" | |
| [http-snippet](#http-snippet) | string | "" | |
| [server-snippet](#server-snippet) | string | "" | |
| [stream-snippet](#stream-snippet) | string | "" | |
| [location-snippet](#location-snippet) | string | "" | |
| [custom-http-errors](#custom-http-errors) | []int | []int{} | |
| [proxy-body-size](#proxy-body-size) | string | "1m" | |
| [proxy-connect-timeout](#proxy-connect-timeout) | int | 5 | |
| [proxy-read-timeout](#proxy-read-timeout) | int | 60 | |
| [proxy-send-timeout](#proxy-send-timeout) | int | 60 | |
| [proxy-buffers-number](#proxy-buffers-number) | int | 4 | |
| [proxy-buffer-size](#proxy-buffer-size) | string | "4k" | |
| [proxy-cookie-path](#proxy-cookie-path) | string | "off" | |
| [proxy-cookie-domain](#proxy-cookie-domain) | string | "off" | |
| [proxy-next-upstream](#proxy-next-upstream) | string | "error timeout" | |
| [proxy-next-upstream-timeout](#proxy-next-upstream-timeout) | int | 0 | |
| [proxy-next-upstream-tries](#proxy-next-upstream-tries) | int | 3 | |
| [proxy-redirect-from](#proxy-redirect-from) | string | "off" | |
| [proxy-request-buffering](#proxy-request-buffering) | string | "on" | |
| [ssl-redirect](#ssl-redirect) | bool | "true" | |
| [force-ssl-redirect](#force-ssl-redirect) | bool | "false" | |
| [denylist-source-range](#denylist-source-range) | []string | []string{} | |
| [whitelist-source-range](#whitelist-source-range) | []string | []string{} | |
| [skip-access-log-urls](#skip-access-log-urls) | []string | []string{} | |
| [limit-rate](#limit-rate) | int | 0 | |
| [limit-rate-after](#limit-rate-after) | int | 0 | |
| [lua-shared-dicts](#lua-shared-dicts) | string | "" | |
| [http-redirect-code](#http-redirect-code) | int | 308 | |
| [proxy-buffering](#proxy-buffering) | string | "off" | |
| [limit-req-status-code](#limit-req-status-code) | int | 503 | |
| [limit-conn-status-code](#limit-conn-status-code) | int | 503 | |
| [enable-syslog](#enable-syslog) | bool | "false" | |
| [syslog-host](#syslog-host) | string | "" | |
| [syslog-port](#syslog-port) | int | 514 | |
| [no-tls-redirect-locations](#no-tls-redirect-locations) | string | "/.well-known/acme-challenge" | |
| [global-allowed-response-headers](#global-allowed-response-headers) | string | "" | |
| [global-auth-url](#global-auth-url) | string | "" | |
| [global-auth-method](#global-auth-method) | string | "" | |
| [global-auth-signin](#global-auth-signin) | string | "" | |
| [global-auth-signin-redirect-param](#global-auth-signin-redirect-param) | string | "rd" | |
| [global-auth-response-headers](#global-auth-response-headers) | string | "" | |
| [global-auth-request-redirect](#global-auth-request-redirect) | string | "" | |
| [global-auth-snippet](#global-auth-snippet) | string | "" | |
| [global-auth-cache-key](#global-auth-cache-key) | string | "" | |
| [global-auth-cache-duration](#global-auth-cache-duration) | string | "200 202 401 5m" | |
| [no-auth-locations](#no-auth-locations) | string | "/.well-known/acme-challenge" | |
| [block-cidrs](#block-cidrs) | []string | "" | |
| [block-user-agents](#block-user-agents) | []string | "" | |
| [block-referers](#block-referers) | []string | "" | |
| [proxy-ssl-location-only](#proxy-ssl-location-only) | bool | "false" | |
| [default-type](#default-type) | string | "text/html" | |
| [global-rate-limit-memcached-host](#global-rate-limit) | string | "" | |
| [global-rate-limit-memcached-port](#global-rate-limit) | int | 11211 | |
| [global-rate-limit-memcached-connect-timeout](#global-rate-limit) | int | 50 | |
| [global-rate-limit-memcached-max-idle-timeout](#global-rate-limit) | int | 10000 | |
| [global-rate-limit-memcached-pool-size](#global-rate-limit) | int | 50 | |
| [global-rate-limit-status-code](#global-rate-limit) | int | 429 | |
| [service-upstream](#service-upstream) | bool | "false" | |
| [ssl-reject-handshake](#ssl-reject-handshake) | bool | "false" | |
| [debug-connections](#debug-connections) | []string | "127.0.0.1,1.1.1.1/24" | |
| [strict-validate-path-type](#strict-validate-path-type) | bool | "false" (v1.7.x) | |
| [grpc-buffer-size-kb](#grpc-buffer-size-kb) | int | 0 | |
## add-headers
@ -244,18 +244,18 @@ Enables the return of the header Server from the backend instead of the generic
Enables users to consume cross namespace resource on annotations, when was previously enabled . _**default:**_ true
**Annotations that may be impacted with this change**:
* `auth-secret`
* `auth-proxy-set-header`
* `auth-tls-secret`
* `fastcgi-params-configmap`
* `proxy-ssl-secret`
- `auth-secret`
- `auth-proxy-set-header`
- `auth-tls-secret`
- `fastcgi-params-configmap`
- `proxy-ssl-secret`
**This option will be defaulted to false in the next major release**
## allow-snippet-annotations
Enables Ingress to parse and add *-snippet annotations/directives created by the user. _**default:**_ `false`
Enables Ingress to parse and add \*-snippet annotations/directives created by the user. _**default:**_ `false`
Warning: We recommend enabling this option only if you TRUST users with permission to create Ingress objects, as this
may allow a user to add restricted configurations to the final nginx.conf file
@ -303,21 +303,21 @@ _References:_
Access log path for both http and stream context. Goes to `/var/log/nginx/access.log` by default.
__Note:__ the file `/var/log/nginx/access.log` is a symlink to `/dev/stdout`
**Note:** the file `/var/log/nginx/access.log` is a symlink to `/dev/stdout`
## http-access-log-path
Access log path for http context globally.
_**default:**_ ""
__Note:__ If not specified, the `access-log-path` will be used.
**Note:** If not specified, the `access-log-path` will be used.
## stream-access-log-path
Access log path for stream context globally.
_**default:**_ ""
__Note:__ If not specified, the `access-log-path` will be used.
**Note:** If not specified, the `access-log-path` will be used.
## enable-access-log-for-default-backend
@ -327,7 +327,7 @@ Enables logging access to default backend. _**default:**_ is disabled.
Error log path. Goes to `/var/log/nginx/error.log` by default.
__Note:__ the file `/var/log/nginx/error.log` is a symlink to `/dev/stderr`
**Note:** the file `/var/log/nginx/error.log` is a symlink to `/dev/stderr`
_References:_
[https://nginx.org/en/docs/ngx_core_module.html#error_log](https://nginx.org/en/docs/ngx_core_module.html#error_log)
@ -415,7 +415,7 @@ _References:_
## http2-max-field-size
!!! warning
This feature was deprecated in 1.1.3 and will be removed in 1.3.0. Use [large-client-header-buffers](#large-client-header-buffers) instead.
This feature was deprecated in 1.1.3 and will be removed in 1.3.0. Use [large-client-header-buffers](#large-client-header-buffers) instead.
Limits the maximum size of an HPACK-compressed request header field.
@ -425,7 +425,7 @@ _References:_
## http2-max-header-size
!!! warning
This feature was deprecated in 1.1.3 and will be removed in 1.3.0. Use [large-client-header-buffers](#large-client-header-buffers) instead.
This feature was deprecated in 1.1.3 and will be removed in 1.3.0. Use [large-client-header-buffers](#large-client-header-buffers) instead.
Limits the maximum size of the entire request header list after HPACK decompression.
@ -435,7 +435,7 @@ _References:_
## http2-max-requests
!!! warning
This feature was deprecated in 1.1.3 and will be removed in 1.3.0. Use [upstream-keepalive-requests](#upstream-keepalive-requests) instead.
This feature was deprecated in 1.1.3 and will be removed in 1.3.0. Use [upstream-keepalive-requests](#upstream-keepalive-requests) instead.
Sets the maximum number of requests (including push requests) that can be served through one HTTP/2 connection, after which the next client request will lead to connection closing and the need of establishing a new connection.
@ -479,7 +479,7 @@ _References:_
[https://nginx.org/en/docs/http/ngx_http_core_module.html#keepalive_timeout](https://nginx.org/en/docs/http/ngx_http_core_module.html#keepalive_timeout)
!!! important
Setting `keep-alive: '0'` will most likely break concurrent http/2 requests due to changes introduced with nginx 1.19.7
Setting `keep-alive: '0'` will most likely break concurrent http/2 requests due to changes introduced with nginx 1.19.7
```
Changes with nginx 1.19.7 16 Feb 2021
@ -552,7 +552,7 @@ Sets the [maximum number of simultaneous connections](https://nginx.org/en/docs/
_**default:**_ 16384
!!! tip
Using 0 in scenarios of high load improves performance at the cost of increasing RAM utilization (even on idle).
Using 0 in scenarios of high load improves performance at the cost of increasing RAM utilization (even on idle).
## max-worker-open-files
@ -571,7 +571,7 @@ _**default:**_ "0.0.0.0/0"
## proxy-set-headers
Sets custom headers from named configmap before sending traffic to backends. The value format is namespace/name. See [example](https://kubernetes.github.io/ingress-nginx/examples/customization/custom-headers/)
Sets custom headers from named configmap before sending traffic to backends. The value format is namespace/name. See [example](https://kubernetes.github.io/ingress-nginx/examples/customization/custom-headers/)
## server-name-hash-max-size
@ -600,8 +600,8 @@ _References:_
## reuse-port
Instructs NGINX to create an individual listening socket for each worker process (using the SO_REUSEPORT socket option), allowing a kernel to distribute incoming connections between worker processes
_**default:**_ true
Instructs NGINX to create an individual listening socket for each worker process (using the SO\*REUSEPORT socket option), allowing a kernel to distribute incoming connections between worker processes
**\*default:**\_ true
## proxy-headers-hash-bucket-size
@ -625,7 +625,7 @@ Send NGINX Server header in responses and display NGINX version in error pages.
Sets the [ciphers](https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_ciphers) list to enable. The ciphers are specified in the format understood by the OpenSSL library.
The default cipher list is:
`ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384`.
`ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384`.
The ordering of a ciphersuite is very important because it decides which algorithms are going to be selected in priority. The recommendation above prioritizes algorithms that provide perfect [forward secrecy](https://wiki.mozilla.org/Security/Server_Side_TLS#Forward_Secrecy).
@ -633,7 +633,7 @@ DHE-based cyphers will not be available until DH parameter is configured [Custom
Please check the [Mozilla SSL Configuration Generator](https://mozilla.github.io/server-side-tls/ssl-config-generator/).
__Note:__ ssl_prefer_server_ciphers directive will be enabled by default for http context.
**Note:** ssl_prefer_server_ciphers directive will be enabled by default for http context.
## ssl-ecdh-curve
@ -720,7 +720,7 @@ Enables or disables compression of HTTP responses using the ["gzip" module](http
Enables or disables ["geoip" module](https://nginx.org/en/docs/http/ngx_http_geoip_module.html) that creates variables with values depending on the client IP address, using the precompiled MaxMind databases.
_**default:**_ true
> __Note:__ MaxMind legacy databases are discontinued and will not receive updates after 2019-01-02, cf. [discontinuation notice](https://support.maxmind.com/geolite-legacy-discontinuation-notice/). Consider [use-geoip2](#use-geoip2) below.
> **Note:** MaxMind legacy databases are discontinued and will not receive updates after 2019-01-02, cf. [discontinuation notice](https://support.maxmind.com/geolite-legacy-discontinuation-notice/). Consider [use-geoip2](#use-geoip2) below.
## use-geoip2
@ -730,7 +730,7 @@ For this reason, it is required to define a new flag `--maxmind-license-key` in
Alternatively, it is possible to use a volume to mount the files `/etc/ingress-controller/geoip/GeoLite2-City.mmdb` and `/etc/ingress-controller/geoip/GeoLite2-ASN.mmdb`, avoiding the overhead of the download.
!!! important
If the feature is enabled but the files are missing, GeoIP2 will not be enabled.
If the feature is enabled but the files are missing, GeoIP2 will not be enabled.
_**default:**_ false
@ -743,10 +743,10 @@ _**default:**_ 0
## enable-brotli
Enables or disables compression of HTTP responses using the ["brotli" module](https://github.com/google/ngx_brotli).
The default mime type list to compress is: `application/xml+rss application/atom+xml application/javascript application/x-javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/svg+xml image/x-icon text/css text/plain text/x-component`.
The default mime type list to compress is: `application/xml+rss application/atom+xml application/javascript application/x-javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/svg+xml image/x-icon text/css text/plain text/x-component`.
_**default:**_ false
> __Note:__ Brotli does not works in Safari < 11. For more information see [https://caniuse.com/#feat=brotli](https://caniuse.com/#feat=brotli)
> **Note:** Brotli does not works in Safari < 11. For more information see [https://caniuse.com/#feat=brotli](https://caniuse.com/#feat=brotli)
## brotli-level
@ -840,11 +840,10 @@ _**default:**_ 320
_References:_
[https://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive)
## upstream-keepalive-time
Sets the maximum time during which requests can be processed through one keepalive connection.
_**default:**_ "1h"
_**default:**_ "1h"
_References:_
[http://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive_time](http://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive_time)
@ -852,23 +851,20 @@ _References:_
## upstream-keepalive-timeout
Sets a timeout during which an idle keepalive connection to an upstream server will stay open.
_**default:**_ 60
_**default:**_ 60
_References:_
[https://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive_timeout](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive_timeout)
## upstream-keepalive-requests
Sets the maximum number of requests that can be served through one keepalive connection. After the maximum number of
requests is made, the connection is closed.
_**default:**_ 10000
_References:_
[https://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive_requests](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive_requests)
## limit-conn-zone-variable
Sets parameters for a shared memory zone that will keep states for various keys of [limit_conn_zone](https://nginx.org/en/docs/http/ngx_http_limit_conn_module.html#limit_conn_zone). The default of "$binary_remote_addr" variables size is always 4 bytes for IPv4 addresses or 16 bytes for IPv6 addresses.
@ -910,7 +906,7 @@ _References:_
## bind-address
Sets the addresses on which the server will accept requests instead of *. It should be noted that these addresses must exist in the runtime environment or the controller will crash loop.
Sets the addresses on which the server will accept requests instead of \*. It should be noted that these addresses must exist in the runtime environment or the controller will crash loop.
## use-forwarded-headers
@ -1047,10 +1043,11 @@ Specifies the port to use when uploading traces. _**default:**_ 4317
Specifies the service name to use for any traces created. _**default:**_ nginx
## opentelemetry-trust-incoming-span: "true"
## opentelemetry-trust-incoming-span: "true"
Enables or disables using spans from incoming requests as parent for created ones. _**default:**_ true
## otel-sampler-parent-based
## otel-sampler-parent-based
Uses sampler implementation which by default will take a sample if parent Activity is sampled. _**default:**_ false
@ -1160,6 +1157,7 @@ Sets the global value of redirects (301) to HTTPS if the server has a TLS certif
_**default:**_ "true"
## force-ssl-redirect
Sets the global value of redirects (308) to HTTPS if the server has a default TLS certificate (defined in extra-args).
_**default:**_ "false"
@ -1218,7 +1216,7 @@ Sets the HTTP status code to be used in redirects.
Supported codes are [301](https://developer.mozilla.org/docs/Web/HTTP/Status/301),[302](https://developer.mozilla.org/docs/Web/HTTP/Status/302),[307](https://developer.mozilla.org/docs/Web/HTTP/Status/307) and [308](https://developer.mozilla.org/docs/Web/HTTP/Status/308)
_**default:**_ 308
> __Why the default code is 308?__
> **Why the default code is 308?**
> [RFC 7238](https://tools.ietf.org/html/rfc7238) was created to define the 308 (Permanent Redirect) status code that is similar to 301 (Moved Permanently) but it keeps the payload in the redirect. This is important if we send a redirect in methods like POST.
@ -1356,16 +1354,16 @@ _References:_
## global-rate-limit
* `global-rate-limit-status-code`: configure HTTP status code to return when rejecting requests. Defaults to 429.
- `global-rate-limit-status-code`: configure HTTP status code to return when rejecting requests. Defaults to 429.
Configure `memcached` client for [Global Rate Limiting](https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md#global-rate-limiting).
* `global-rate-limit-memcached-host`: IP/FQDN of memcached server to use. Required to enable Global Rate Limiting.
* `global-rate-limit-memcached-port`: port of memcached server to use. Defaults default memcached port of `11211`.
* `global-rate-limit-memcached-connect-timeout`: configure timeout for connect, send and receive operations. Unit is millisecond. Defaults to 50ms.
* `global-rate-limit-memcached-max-idle-timeout`: configure timeout for cleaning idle connections. Unit is millisecond. Defaults to 50ms.
* `global-rate-limit-memcached-pool-size`: configure number of max connections to keep alive. Make sure your `memcached` server can handle
`global-rate-limit-memcached-pool-size * worker-processes * <number of ingress-nginx replicas>` simultaneous connections.
- `global-rate-limit-memcached-host`: IP/FQDN of memcached server to use. Required to enable Global Rate Limiting.
- `global-rate-limit-memcached-port`: port of memcached server to use. Defaults default memcached port of `11211`.
- `global-rate-limit-memcached-connect-timeout`: configure timeout for connect, send and receive operations. Unit is millisecond. Defaults to 50ms.
- `global-rate-limit-memcached-max-idle-timeout`: configure timeout for cleaning idle connections. Unit is millisecond. Defaults to 50ms.
- `global-rate-limit-memcached-pool-size`: configure number of max connections to keep alive. Make sure your `memcached` server can handle
`global-rate-limit-memcached-pool-size * worker-processes * <number of ingress-nginx replicas>` simultaneous connections.
These settings get used by [lua-resty-global-throttle](https://github.com/ElvinEfendi/lua-resty-global-throttle)
that ingress-nginx includes. Refer to the link to learn more about `lua-resty-global-throttle`.
@ -1384,6 +1382,7 @@ _References:_
[https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_reject_handshake](https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_reject_handshake)
## debug-connections
Enables debugging log for selected client connections.
_**default:**_ ""
@ -1391,17 +1390,18 @@ _References:_
[http://nginx.org/en/docs/ngx_core_module.html#debug_connection](http://nginx.org/en/docs/ngx_core_module.html#debug_connection)
## strict-validate-path-type
Ingress objects contains a field called pathType that defines the proxy behavior. It can be `Exact`, `Prefix` and `ImplementationSpecific`.
When pathType is configured as `Exact` or `Prefix`, there should be a more strict validation, allowing only paths starting with "/" and
containing only alphanumeric characters and "-", "_" and additional "/".
containing only alphanumeric characters and "-", "\_" and additional "/".
When this option is enabled, the validation will happen on the Admission Webhook, making any Ingress not using pathType `ImplementationSpecific`
and containing invalid characters to be denied.
This means that Ingress objects that rely on paths containing regex characters should use `ImplementationSpecific` pathType.
The cluster admin should establish validation rules using mechanisms like [Open Policy Agent](https://www.openpolicyagent.org/) to
The cluster admin should establish validation rules using mechanisms like [Open Policy Agent](https://www.openpolicyagent.org/) to
validate that only authorized users can use `ImplementationSpecific` pathType and that only the authorized characters can be used.
## grpc-buffer-size-kb