sebclem/ansible-role-nginx
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Add add_header support for either server and location block (#141)

Browse Source 
* Add `add_header` support for either `server` and `location` block

* Add Tests for adding headers to either server and location block
This commit is contained in:
Philip Henning 2019-06-14 12:33:50 +02:00 committed by Grzegorz Dzien
parent 17ea0dea29
commit 155c13c140
4 changed files with 83 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
README.md
View File

@ -365,6 +365,15 @@ nginx_http_template:
auth_basic_user_file: null auth_basic_user_file: null
try_files: $uri $uri/index.html $uri.html =404 try_files: $uri $uri/index.html $uri.html =404
#auth_request: /auth #auth_request: /auth
add_headers:
strict_transport_security:
name: Strict-Transport-Security
value: max-age=15768000; includeSubDomains
always: true
#header_name:
#name: Header-X
#value: Value-X
#always: false
ssl: ssl:
cert: /etc/ssl/certs/default.crt cert: /etc/ssl/certs/default.crt
key: /etc/ssl/private/default.key key: /etc/ssl/private/default.key
@ -377,6 +386,15 @@ nginx_http_template:
locations: locations:
default: default:
location: / location: /
add_headers:
strict_transport_security:
name: Strict-Transport-Security
value: max-age=15768000; includeSubDomains
always: true
#header_name:
#name: Header-X
#value: Value-X
#always: false
html_file_location: /usr/share/nginx/html html_file_location: /usr/share/nginx/html
html_file_name: index.html html_file_name: index.html
autoindex: false autoindex: false
@ -412,6 +430,15 @@ nginx_http_template:
locations: locations:
backend: backend:
location: / location: /
add_headers:
strict_transport_security:
name: Strict-Transport-Security
value: max-age=15768000; includeSubDomains
always: true
#header_name:
#name: Header-X
#value: Value-X
#always: false
proxy_connect_timeout: null proxy_connect_timeout: null
proxy_pass: http://backend proxy_pass: http://backend
#proxy_pass_request_body: off #proxy_pass_request_body: off

27
defaults/main.yml
View File

@ -177,6 +177,15 @@ nginx_http_template:
auth_basic_user_file: null auth_basic_user_file: null
try_files: $uri $uri/index.html $uri.html =404 try_files: $uri $uri/index.html $uri.html =404
#auth_request: /auth #auth_request: /auth
add_headers:
strict_transport_security:
name: Strict-Transport-Security
value: max-age=15768000; includeSubDomains
always: true
#header_name:
#name: Header-X
#value: Value-X
#always: false
ssl: ssl:
cert: /etc/ssl/certs/default.crt cert: /etc/ssl/certs/default.crt
key: /etc/ssl/private/default.key key: /etc/ssl/private/default.key
@ -189,6 +198,15 @@ nginx_http_template:
locations: locations:
default: default:
location: / location: /
add_headers:
strict_transport_security:
name: Strict-Transport-Security
value: max-age=15768000; includeSubDomains
always: true
#header_name:
#name: Header-X
#value: Value-X
#always: false
html_file_location: /usr/share/nginx/html html_file_location: /usr/share/nginx/html
html_file_name: index.html html_file_name: index.html
autoindex: false autoindex: false
@ -224,6 +242,15 @@ nginx_http_template:
locations: locations:
backend: backend:
location: / location: /
add_headers:
strict_transport_security:
name: Strict-Transport-Security
value: max-age=15768000; includeSubDomains
always: true
#header_name:
#name: Header-X
#value: Value-X
#always: false
proxy_connect_timeout: null proxy_connect_timeout: null
proxy_pass: http://backend proxy_pass: http://backend
#proxy_pass_request_body: off #proxy_pass_request_body: off

15
templates/http/default.conf.j2
View File

@ -73,6 +73,11 @@ server {
listen {{ item.value.port }}; listen {{ item.value.port }};
{% endif %} {% endif %}
server_name {{ item.value.server_name | default('localhost') }}; server_name {{ item.value.server_name | default('localhost') }};
{% if item.value.add_headers is defined %}
{% for header in item.value.add_headers %}
add_header {{ item.value.add_headers[header].name }} "{{ item.value.add_headers[header].value }}"{% if item.value.add_headers[header].always is defined and item.value.add_headers[header].always %} always{% endif %};
{% endfor %}
{% endif %}
{% if item.value.auth_basic is defined and item.value.auth_basic %} {% if item.value.auth_basic is defined and item.value.auth_basic %}
auth_basic "{{ item.value.auth_basic }}"; auth_basic "{{ item.value.auth_basic }}";
{% endif %} {% endif %}
@ -101,6 +106,11 @@ server {
{% if item.value.reverse_proxy.locations[location].internal is sameas true %} {% if item.value.reverse_proxy.locations[location].internal is sameas true %}
internal; internal;
{% endif %} {% endif %}
{% if item.value.reverse_proxy.locations[location].add_headers is defined %}
{% for header in item.value.reverse_proxy.locations[location].add_headers %}
add_header {{ item.value.reverse_proxy.locations[location].add_headers[header].name }} "{{ item.value.reverse_proxy.locations[location].add_headers[header].value }}"{% if item.value.reverse_proxy.locations[location].add_headers[header].always is defined and item.value.reverse_proxy.locations[location].add_headers[header].always %} always{% endif %};
{% endfor %}
{% endif %}
{% if item.value.reverse_proxy.locations[location].auth_request is defined %} {% if item.value.reverse_proxy.locations[location].auth_request is defined %}
auth_request {{ item.value.reverse_proxy.locations[location].auth_request }}; auth_request {{ item.value.reverse_proxy.locations[location].auth_request }};
{% endif %} {% endif %}
@ -222,6 +232,11 @@ server {
{% if item.value.web_server.locations[location].try_files is defined %} {% if item.value.web_server.locations[location].try_files is defined %}
try_files {{ item.value.web_server.locations[location].try_files }}; try_files {{ item.value.web_server.locations[location].try_files }};
{% endif %} {% endif %}
{% if item.value.web_server.locations[location].add_headers is defined %}
{% for header in item.value.web_server.locations[location].add_headers %}
add_header {{ item.value.web_server.locations[location].add_headers[header].name }} "{{ item.value.web_server.locations[location].add_headers[header].value }}"{% if item.value.web_server.locations[location].add_headers[header].always is defined and item.value.web_server.locations[location].add_headers[header].always %} always{% endif %};
{% endfor %}
{% endif %}
{% if item.value.web_server.locations[location].returns is defined %} {% if item.value.web_server.locations[location].returns is defined %}
{% for code in item.value.web_server.locations[location].returns %} {% for code in item.value.web_server.locations[location].returns %}
{% if item.value.web_server.locations[location].returns[code] is defined %} {% if item.value.web_server.locations[location].returns[code] is defined %}

14
tests/playbooks/nginx-http-template.yml
View File

@ -15,6 +15,11 @@
port: 80 port: 80
server_name: localhost server_name: localhost
error_page: /usr/share/nginx/html error_page: /usr/share/nginx/html
add_headers:
strict_transport_security:
name: Strict-Transport-Security
value: max-age=15768000; includeSubDomains
always: true
reverse_proxy: reverse_proxy:
proxy_cache_path: proxy_cache_path:
- path: /var/cache/nginx/proxy/frontend - path: /var/cache/nginx/proxy/frontend
@ -46,6 +51,15 @@
locations: locations:
frontend: frontend:
location: / location: /
add_headers:
strict_transport_security:
name: Strict-Transport-Security
value: max-age=15768000; includeSubDomains
always: true
another_header:
name: Fancy-New-Header-To-Test
value: testing=true
always: false
proxy_pass: http://frontend_servers/ proxy_pass: http://frontend_servers/
proxy_cache: frontend_proxy_cache proxy_cache: frontend_proxy_cache
proxy_temp_path: proxy_temp_path: