This repository has been archived by the owner on Feb 22, 2022. It is now read-only.

[stable/nginx-ingress] Pass correct headers to downstream applications when letting AWS terminate SSL. #23559

Closed

don-code

What this PR does / why we need it:

The README offers a sample configuration for terminating SSL with an ELB on AWS's side. When this configuration is used, the header `X-Forwarded-Proto` is rewritten by nginx to always be `http` (what nginx sees), rather than `http` or `https` (what the ELB saw).

Some example behaviors I observed as a result:

  1. Jenkins would redirect to the non-SSL endpoint when logging in, and also show the "It appears that your reverse proxy set up is broken." message in settings.
  2. An internal application could not process POSTs unless they came in over plain HTTP (which caused other issues, as it wanted those POSTs to come in over HTTPS for security).

Setting `use-forwarded-headers` to true, and `use-proxy-protocol` to false in the ingress controller config corrects this, so that `X-Forwarded-Proto` reads `http` for a plain HTTP session, and `https` for an HTTPS session.

Since the behavior as-documented seemed broken, I chose to add these two parameters to the documentation.

Which issue this PR fixes

N/A

Special notes for your reviewer:

The link in the documentation was also broken, so I updated it.

I don't know if the broken config is correct in some other context, but I can't think of one, and it seems like it was just an oversight.

Checklist

  • DCO signed
  • Chart Version bumped
  • Variables are documented in the README.md
  • Title of the PR starts with chart name (e.g. [stable/mychartname])

…inate SSL.

The README offers a sample configuration for terminating SSL with an
ELB on AWS's side. When this configuration is used, the header
`X-Forwarded-Proto` is rewritten by nginx to always be `http` (what
nginx sees), rather than `http` or `https` (what the ELB saw).

Some example behaviors I observed as a result:
1) Jenkins would perform an "SSL downgrade" when logging in, and also show
   the "It appears that your reverse proxy set up is broken."
2) An internal application would not be able to process POSTs unless they
   came in over plain HTTP.

Setting `use-forwarded-headers` to true, and `use-proxy-protocol` to
false in the ingress controller config corrects the operation.

Since the behavior as-documented seemed broken, I chose to add these two
parameters to the documentation.

Signed-off-by: Don Luchini <[email protected]>
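
The header behaviour described in this PR, as an added example that is not part of the original PR or of ingress-nginx: a simplified Python model of which `X-Forwarded-Proto` value reaches the backend with `use-forwarded-headers` off and on. The function names and the host `jenkins.example.test` are hypothetical, the requests are constructed, and `use-proxy-protocol` is not modelled.

```python
# Added illustration: simplified model, NOT ingress-nginx source code.
# All function names and the sample host are hypothetical.

def proto_sent_to_backend(nginx_scheme, inbound_headers, use_forwarded_headers):
    """Return the X-Forwarded-Proto value the backend receives.

    nginx_scheme: scheme of the connection nginx itself accepted.
    inbound_headers: headers on the request as it reached nginx.
    """
    if not use_forwarded_headers:
        # Inbound X-Forwarded-* is ignored; nginx reports what it saw.
        return nginx_scheme
    # Header names are case-insensitive; an absent or empty header
    # falls back to the scheme nginx saw.
    lowered = {k.lower(): v for k, v in inbound_headers.items()}
    value = lowered.get("x-forwarded-proto", "").strip().lower()
    return value or nginx_scheme


def login_redirect(host, proto):
    """Absolute redirect a backend builds from the scheme it was told."""
    return f"{proto}://{host}/login"


def scenario(client_scheme, use_forwarded_headers, via_elb=True, client_headers=None):
    """Constructed request path: client -> (ELB) -> nginx -> backend."""
    headers = dict(client_headers or {})
    if via_elb:
        # Assumption: the ELB terminates TLS, sets the header to the scheme
        # it saw, and speaks plain HTTP to nginx.
        headers["X-Forwarded-Proto"] = client_scheme
        nginx_scheme = "http"
    else:
        # No load balancer in front: nginx sees the client connection itself.
        nginx_scheme = client_scheme
    proto = proto_sent_to_backend(nginx_scheme, headers, use_forwarded_headers)
    return login_redirect("jenkins.example.test", proto)


if __name__ == "__main__":
    print(scenario("https", use_forwarded_headers=False))  # redirect drops to http
    print(scenario("https", use_forwarded_headers=True))   # redirect stays https
    # Without a proxy that sets the header, a client-supplied value is passed on.
    print(scenario("http", True, via_elb=False,
                   client_headers={"x-forwarded-proto": "https"}))
```

The last case is why `use-forwarded-headers` belongs only on controllers that sit behind a load balancer which sets these headers itself: with nothing in front, the backend is told whatever scheme the client claims.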
helm-bot added the labels Contribution Allowed (If the contributor has signed the DCO or the CNCF CLA (prior to the move to a DCO).) and size/XS (Denotes a PR that changes 0-9 lines, ignoring generated files.) on Aug 17, 2020.
k8s-ci-robot added the needs-ok-to-test label (Indicates a PR that requires an org member to verify it is safe to test.) on Aug 17, 2020.
@k8s-ci-robot
Contributor

Hi @don-code. Thanks for your PR.

I'm waiting for a helm member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@k8s-ci-robot
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: don-code
To complete the pull request process, please assign taharah
You can assign the PR to them by writing /assign @taharah in a comment when ready.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@scottrigby
Member

/hold

See kubernetes/ingress-nginx#6038

k8s-ci-robot added the do-not-merge/hold label (Indicates that a PR should not merge because someone has issued a /hold command.) on Aug 19, 2020.
@scottrigby
Member

stable/nginx-ingress has been deprecated in favor of the upstream ingress-nginx repo. See #22823. PRs if still applicable can be re-opened there. Thanks 😊

scottrigby closed this on Aug 19, 2020.