Add add_header support for either server and location block (#141)

* Add `add_header` support for either `server` and `location` block * Add Tests for adding headers to either server and location block
2019-06-14 12:33:50 +02:00 · 2019-06-14 12:33:50 +02:00 · 155c13c140
commit 155c13c140
parent 17ea0dea29
4 changed files with 83 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -365,6 +365,15 @@ nginx_http_template:
    auth_basic_user_file: null
    try_files: $uri $uri/index.html $uri.html =404
    #auth_request: /auth
+    add_headers:
+      strict_transport_security:
+        name: Strict-Transport-Security
+        value: max-age=15768000; includeSubDomains
+        always: true
+      #header_name:
+        #name: Header-X
+        #value: Value-X
+        #always: false
    ssl:
      cert: /etc/ssl/certs/default.crt
      key: /etc/ssl/private/default.key
@ -377,6 +386,15 @@ nginx_http_template:
      locations:
        default:
          location: /
+          add_headers:
+            strict_transport_security:
+              name: Strict-Transport-Security
+              value: max-age=15768000; includeSubDomains
+              always: true
+            #header_name:
+              #name: Header-X
+              #value: Value-X
+              #always: false
          html_file_location: /usr/share/nginx/html
          html_file_name: index.html
          autoindex: false
@ -412,6 +430,15 @@ nginx_http_template:
      locations:
        backend:
          location: /
+          add_headers:
+            strict_transport_security:
+              name: Strict-Transport-Security
+              value: max-age=15768000; includeSubDomains
+              always: true
+            #header_name:
+              #name: Header-X
+              #value: Value-X
+              #always: false
          proxy_connect_timeout: null
          proxy_pass: http://backend
          #proxy_pass_request_body: off
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -177,6 +177,15 @@ nginx_http_template:
    auth_basic_user_file: null
    try_files: $uri $uri/index.html $uri.html =404
    #auth_request: /auth
+    add_headers:
+      strict_transport_security:
+        name: Strict-Transport-Security
+        value: max-age=15768000; includeSubDomains
+        always: true
+      #header_name:
+        #name: Header-X
+        #value: Value-X
+        #always: false
    ssl:
      cert: /etc/ssl/certs/default.crt
      key: /etc/ssl/private/default.key
@ -189,6 +198,15 @@ nginx_http_template:
      locations:
        default:
          location: /
+          add_headers:
+            strict_transport_security:
+              name: Strict-Transport-Security
+              value: max-age=15768000; includeSubDomains
+              always: true
+            #header_name:
+              #name: Header-X
+              #value: Value-X
+              #always: false
          html_file_location: /usr/share/nginx/html
          html_file_name: index.html
          autoindex: false
@ -224,6 +242,15 @@ nginx_http_template:
      locations:
        backend:
          location: /
+          add_headers:
+            strict_transport_security:
+              name: Strict-Transport-Security
+              value: max-age=15768000; includeSubDomains
+              always: true
+            #header_name:
+              #name: Header-X
+              #value: Value-X
+              #always: false
          proxy_connect_timeout: null
          proxy_pass: http://backend
          #proxy_pass_request_body: off
--- a/templates/http/default.conf.j2
+++ b/templates/http/default.conf.j2
@ -73,6 +73,11 @@ server {
    listen {{ item.value.port }};
 {% endif %}
    server_name {{ item.value.server_name | default('localhost') }};
+{% if item.value.add_headers is defined %}
+{% for header in item.value.add_headers %}
+    add_header {{ item.value.add_headers[header].name }} "{{ item.value.add_headers[header].value }}"{% if item.value.add_headers[header].always is defined and item.value.add_headers[header].always %} always{% endif %};
+{% endfor %}
+{% endif %}
 {% if item.value.auth_basic is defined and item.value.auth_basic %}
    auth_basic "{{ item.value.auth_basic }}";
 {% endif %}
@ -101,6 +106,11 @@ server {
 {% if item.value.reverse_proxy.locations[location].internal is sameas true %}
        internal;
 {% endif %}
+{% if item.value.reverse_proxy.locations[location].add_headers is defined %}
+{% for header in item.value.reverse_proxy.locations[location].add_headers %}
+        add_header {{ item.value.reverse_proxy.locations[location].add_headers[header].name }} "{{ item.value.reverse_proxy.locations[location].add_headers[header].value }}"{% if item.value.reverse_proxy.locations[location].add_headers[header].always is defined and item.value.reverse_proxy.locations[location].add_headers[header].always %} always{% endif %};
+{% endfor %}
+{% endif %}
 {% if item.value.reverse_proxy.locations[location].auth_request is defined %}
        auth_request {{ item.value.reverse_proxy.locations[location].auth_request }};
 {% endif %}
@ -222,6 +232,11 @@ server {
 {% if item.value.web_server.locations[location].try_files is defined %}
        try_files {{ item.value.web_server.locations[location].try_files }};
 {% endif %}
+{% if item.value.web_server.locations[location].add_headers is defined %}
+{% for header in item.value.web_server.locations[location].add_headers %}
+        add_header {{ item.value.web_server.locations[location].add_headers[header].name }} "{{ item.value.web_server.locations[location].add_headers[header].value }}"{% if item.value.web_server.locations[location].add_headers[header].always is defined and item.value.web_server.locations[location].add_headers[header].always %} always{% endif %};
+{% endfor %}
+{% endif %}
 {% if item.value.web_server.locations[location].returns is defined %}
 {% for code in item.value.web_server.locations[location].returns %}
 {% if item.value.web_server.locations[location].returns[code] is defined %}
--- a/tests/playbooks/nginx-http-template.yml
+++ b/tests/playbooks/nginx-http-template.yml
@ -15,6 +15,11 @@
        port: 80
        server_name: localhost
        error_page: /usr/share/nginx/html
+        add_headers:
+          strict_transport_security:
+            name: Strict-Transport-Security
+            value: max-age=15768000; includeSubDomains
+            always: true
        reverse_proxy:
          proxy_cache_path:
            - path: /var/cache/nginx/proxy/frontend
@ -46,6 +51,15 @@
          locations:
            frontend:
              location: /
+              add_headers:
+                strict_transport_security:
+                  name: Strict-Transport-Security
+                  value: max-age=15768000; includeSubDomains
+                  always: true
+                another_header:
+                  name: Fancy-New-Header-To-Test
+                  value: testing=true
+                  always: false
              proxy_pass: http://frontend_servers/
              proxy_cache: frontend_proxy_cache
              proxy_temp_path: