Webserver headers and ciphers

Shreyas_Cholia · July 19, 2019, 10:15pm

I’m using z2jh for a small cluster and we need to adjust web-server level config options including

HSTS
SSL Cipher Suites

Does someone know what the appropriate entrypoint for making those changes would be in a typical z2jh stack?

-S

Shreyas_Cholia · July 22, 2019, 11:08pm

OK - I think I figured out how to set this in the Kubernetes Ingress. I think that makes this out of scope for the z2jh setup.

betatim · July 23, 2019, 4:57am

If you have a link to your config or a snippet that would be somethinng useful to post so that people from the future with a similar question can find it, even if it is out of scope

Shreyas_Cholia · August 2, 2019, 6:38pm

Sure thing - I used the ConfigMap for ingress-nginx. See:

github.com

kubernetes/ingress-nginx/blob/041a8457aa8253cfaa370817c02cb1faa2ad5a28/docs/user-guide/nginx-configuration/configmap.md

# ConfigMaps

ConfigMaps allow you to decouple configuration artifacts from image content to keep containerized applications portable.

The ConfigMap API resource stores configuration data as key-value pairs. The data provides the configurations for system
components for the nginx-controller.

In order to overwrite nginx-controller configuration values as seen in [config.go](https://github.com/kubernetes/ingress-nginx/blob/master/internal/ingress/controller/config/config.go),
you can add key-value pairs to the data section of the config-map. For Example:

```yaml
data:
  map-hash-bucket-size: "128"
  ssl-protocols: SSLv2
```

!!! Important
    The key and values in a ConfigMap can only be strings.
    This means that we want a value with boolean values we need to quote the values, like "true" or "false".
    Same for numbers, like "100".

This file has been truncated. show original

Specifically
HSTS: https://github.com/kubernetes/ingress-nginx/blob/041a8457aa8253cfaa370817c02cb1faa2ad5a28/docs/user-guide/nginx-configuration/configmap.md#hsts
SSL Ciphers: https://github.com/kubernetes/ingress-nginx/blob/041a8457aa8253cfaa370817c02cb1faa2ad5a28/docs/user-guide/nginx-configuration/configmap.md#ssl-ciphers

Topic		Replies	Views
Best practices for secrets in Z2JH deployments Zero to JupyterHub on Kubernetes	5	1095	June 9, 2019
Inconsistency in values.yaml vs jupyterhub_config.py in z2jh Zero to JupyterHub on Kubernetes jupyterhub	4	143	January 16, 2024
Setting Up HTTPS for Jupyterhub on Kubernetes JupyterHub	7	1003	April 18, 2019
JupyterHub on Host Network with HTTPS failing with 503: Service Unavailable Zero to JupyterHub on Kubernetes jupyterhub , help-wanted	2	725	January 28, 2022
Trouble configuring Ingress for Helm Chart Zero to JupyterHub on Kubernetes how-to	4	2177	July 9, 2020

Webserver headers and ciphers

Related Topics