From 5ac87644a89547d3b125cc2d5c52b6509acdb5a8 Mon Sep 17 00:00:00 2001 From: Philip Henning Date: Fri, 14 Feb 2020 23:54:31 +0000 Subject: [PATCH] Add implementation of ngx_http_sub_module config (#216) --- defaults/main/template.yml | 20 +++++++++ molecule/common/playbook_template.yml | 60 ++++++++++++++++++++++++++- templates/http/default.conf.j2 | 42 +++++++++++++++++++ templates/nginx.conf.j2 | 14 +++++++ 4 files changed, 134 insertions(+), 2 deletions(-) diff --git a/defaults/main/template.yml b/defaults/main/template.yml index 2d69f32..1c0afd7 100644 --- a/defaults/main/template.yml +++ b/defaults/main/template.yml @@ -41,6 +41,11 @@ nginx_main_template: keyval: false # server_tokens: "off" http_global_autoindex: false + sub_filter: + # sub_filters: [] + last_modified: "off" + once: "on" + types: "text/html" # http_custom_options: [] stream_enable: false # stream_custom_options: [] @@ -109,6 +114,11 @@ nginx_http_template: trusted_cert: /etc/ssl/certs/root_CA_cert_plus_intermediates.crt stapling: true stapling_verify: true + sub_filter: + # sub_filters: [] + last_modified: "off" + once: "on" + types: "text/html" # custom_options: [] web_server: locations: @@ -140,6 +150,11 @@ nginx_http_template: # return302: # code: 302 # url: https://sso.somehost.local/?url=https://$http_host$request_uri + sub_filter: + # sub_filters: [] + last_modified: "off" + once: "on" + types: "text/html" # custom_options: [] http_demo_conf: false reverse_proxy: @@ -236,6 +251,11 @@ nginx_http_template: # return302: # code: 302 # url: https://sso.somehost.local/?url=https://$http_host$request_uri + sub_filter: + # sub_filters: [] + last_modified: "off" + once: "on" + types: "text/html" # custom_options: [] health_check_plus: false returns: diff --git a/molecule/common/playbook_template.yml b/molecule/common/playbook_template.yml index e9e9264..3ff9e57 100644 --- a/molecule/common/playbook_template.yml +++ b/molecule/common/playbook_template.yml 
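Review bot: `last_modified: "off"` and `once: "on"` in the `nginx_main_template` hunk are quoted strings, but the templates added in this patch pass both values through `| ternary("on", "off")`, which tests truthiness, so any non-empty string, including "off", would render as `on`. With these defaults the output would be `sub_filter_last_modified on;`, the opposite of what the value reads. Writing them as booleans, `last_modified: false` and `once: true`, matches how `proxy_buffering: false` is already handled with the same filter. The same applies to the three `nginx_http_template` hunks in this file and to every `sub_filter` block in molecule/common/playbook_template.yml, where `once: "off"` would render `sub_filter_once on;`.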
@@ -33,6 +33,11 @@ rate_limit: false keyval: false server_tokens: "off" + sub_filter: + # sub_filters: [] + last_modified: "off" + once: "on" + types: "text/html" stream_enable: true http_global_autoindex: false @@ -60,6 +65,12 @@ name: Strict-Transport-Security value: max-age=15768000; includeSubDomains always: true + sub_filter: + # sub_filters: [] + last_modified: "off" + once: "on" + types: "text/html" + # custom_options: [] reverse_proxy: locations: frontend: @@ -109,6 +120,11 @@ value: $scheme proxy_buffering: false client_max_body_size: 5m + sub_filter: + # sub_filters: [] + last_modified: "off" + once: "on" + types: "text/html" backend: location: /backend proxy_pass: http://backend_servers/ @@ -212,6 +228,21 @@ server_name: localhost error_page: /usr/share/nginx/html autoindex: false + sub_filter: + sub_filters: + - "'server_hostname' '$hostname'" + - "'server_address' '$server_addr:$server_port'" + - "'server_url' '$request_uri'" + - "'remote_addr' '$remote_addr:$remote_port'" + - "'server_date' '$time_local'" + - "'client_browser' '$http_user_agent'" + - "'request_id' '$request_id'" + - "'nginx_version' '$nginx_version'" + - "'document_root' '$document_root'" + - "'proxied_for_ip' '$http_x_forwarded_for'" + last_modified: "off" + once: "off" + types: "text/html" web_server: locations: frontend_site: @@ -221,7 +252,12 @@ html_file_location: /usr/share/nginx/html html_file_name: frontend_index.html autoindex: false - http_demo_conf: true + sub_filter: + # sub_filters: [] + last_modified: "off" + once: "off" + types: "text/html" + http_demo_conf: false backend: template_file: http/default.conf.j2 conf_file_name: backend_default.conf 
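Review bot: The `sub_filters` list added under the frontend server (hunk `@@ -212,6 +228,21 @@`) substitutes `$http_user_agent`, `$http_x_forwarded_for` and `$request_uri` into `text/html` responses, and nginx writes a sub_filter replacement into the body as-is, with no HTML escaping. Those three values come from the request, so the demo page echoes client-supplied text as markup. The `nginx_version` entry also publishes what `server_tokens: "off"` earlier in this playbook suppresses, and `document_root` exposes a filesystem path. Keeping only server-side values in the fixture, or adding a comment such as `# demo only: replacements are written unescaped into text/html`, would keep the pattern from being copied into real configs. The same list is repeated for the backend server in hunk `@@ -235,6 +271,21 @@`.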
@@ -235,6 +271,21 @@ server_name: localhost error_page: /usr/share/nginx/html autoindex: false + sub_filter: + sub_filters: + - "'server_hostname' '$hostname'" + - "'server_address' '$server_addr:$server_port'" + - "'server_url' '$request_uri'" + - "'remote_addr' '$remote_addr:$remote_port'" + - "'server_date' '$time_local'" + - "'client_browser' '$http_user_agent'" + - "'request_id' '$request_id'" + - "'nginx_version' '$nginx_version'" + - "'document_root' '$document_root'" + - "'proxied_for_ip' '$http_x_forwarded_for'" + last_modified: "off" + once: "off" + types: "text/html" web_server: locations: backend_site: @@ -252,7 +303,12 @@ - fastcgi_index index.php - include fastcgi_params - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name - http_demo_conf: true + sub_filter: + # sub_filters: [] + last_modified: "off" + once: "off" + types: "text/html" + http_demo_conf: false nginx_html_demo_template_enable: true nginx_html_demo_template: frontend: diff --git a/templates/http/default.conf.j2 b/templates/http/default.conf.j2 index 371504a..06ad16c 100644 --- a/templates/http/default.conf.j2 +++ b/templates/http/default.conf.j2 
@@ -159,6 +159,20 @@ server { {% if item.value.servers[server].client_max_body_size is defined and item.value.servers[server].client_max_body_size %} client_max_body_size {{ item.value.servers[server].client_max_body_size }}; {% endif %} +{% if item.value.servers[server].sub_filter.sub_filters is defined and item.value.servers[server].sub_filter.sub_filters | length %} +{% for sub_filter in item.value.servers[server].sub_filter.sub_filters %} + sub_filter {{ sub_filter }}; +{% endfor %} +{% endif %} +{% if item.value.servers[server].sub_filter.last_modified is defined %} + sub_filter_last_modified {{ item.value.servers[server].sub_filter.last_modified | ternary("on", "off") }}; +{% endif %} +{% if item.value.servers[server].sub_filter.once is defined %} + sub_filter_once {{ item.value.servers[server].sub_filter.once | ternary("on", "off") }}; +{% endif %} +{% if item.value.servers[server].sub_filter.types is defined and item.value.servers[server].sub_filter.types %} + sub_filter_types {{ item.value.servers[server].sub_filter.types }}; +{% endif %} {% if item.value.servers[server].custom_options is defined and item.value.servers[server].custom_options | length %} {% for inline_option in item.value.servers[server].custom_options %} {{ inline_option }}; 
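Review bot: `sub_filter {{ sub_filter }};` writes each list entry into the server block verbatim, so quoting of both arguments is left to whoever sets the variable, and an entry containing `;` or an unbalanced quote would end the directive early and change the rest of the rendered config. Taking the search string and the replacement as separate keys and quoting them in the template, for example `sub_filter '{{ f.string }}' '{{ f.replacement }}';`, keeps an entry confined to one directive as long as embedded quotes are rejected or escaped. If the free-form string is kept, a comment above the loop should state that entries are emitted unescaped and must come from trusted inventory. The same loop appears in the reverse_proxy and web_server location hunks of this file and in templates/nginx.conf.j2; the server block itself continues outside the hunk.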
@@ -334,6 +348,20 @@ server { {% if item.value.servers[server].reverse_proxy.locations[location].proxy_buffering is defined %} proxy_buffering {{ item.value.servers[server].reverse_proxy.locations[location].proxy_buffering | ternary("on", "off") }}; {% endif %} +{% if item.value.servers[server].reverse_proxy.locations[location].sub_filter.sub_filters is defined and item.value.servers[server].reverse_proxy.locations[location].sub_filter.sub_filters | length %} +{% for sub_filter in item.value.servers[server].reverse_proxy.locations[location].sub_filter.sub_filters %} + sub_filter {{ sub_filter }}; +{% endfor %} +{% endif %} +{% if item.value.servers[server].reverse_proxy.locations[location].sub_filter.last_modified is defined %} + sub_filter_last_modified {{ item.value.servers[server].reverse_proxy.locations[location].sub_filter.last_modified | ternary("on", "off") }}; +{% endif %} +{% if item.value.servers[server].reverse_proxy.locations[location].sub_filter.once is defined %} + sub_filter_once {{ item.value.servers[server].reverse_proxy.locations[location].sub_filter.once | ternary("on", "off") }}; +{% endif %} +{% if item.value.servers[server].reverse_proxy.locations[location].sub_filter.types is defined and item.value.servers[server].reverse_proxy.locations[location].sub_filter.types %} + sub_filter_types {{ item.value.servers[server].reverse_proxy.locations[location].sub_filter.types }}; +{% endif %} {% if item.value.servers[server].reverse_proxy.locations[location].custom_options is defined and item.value.servers[server].reverse_proxy.locations[location].custom_options | length %} {% for inline_option in item.value.servers[server].reverse_proxy.locations[location].custom_options %} {{ inline_option }}; 
@@ -403,6 +431,20 @@ server { {% if item.value.servers[server].web_server.locations[location].auth_request_set is defined %} auth_request_set {{ item.value.servers[server].web_server.locations[location].auth_request_set.name }} {{ item.value.servers[server].web_server.locations[location].auth_request_set.value }}; {% endif %} +{% if item.value.servers[server].web_server.locations[location].sub_filter.sub_filters is defined and item.value.servers[server].web_server.locations[location].sub_filter.sub_filters | length %} +{% for sub_filter in item.value.servers[server].web_server.locations[location].sub_filter.sub_filters %} + sub_filter {{ sub_filter }}; +{% endfor %} +{% endif %} +{% if item.value.servers[server].web_server.locations[location].sub_filter.last_modified is defined %} + sub_filter_last_modified {{ item.value.servers[server].web_server.locations[location].sub_filter.last_modified | ternary("on", "off") }}; +{% endif %} +{% if item.value.servers[server].web_server.locations[location].sub_filter.once is defined %} + sub_filter_once {{ item.value.servers[server].web_server.locations[location].sub_filter.once | ternary("on", "off") }}; +{% endif %} +{% if item.value.servers[server].web_server.locations[location].sub_filter.types is defined and item.value.servers[server].web_server.locations[location].sub_filter.types %} + sub_filter_types {{ item.value.servers[server].web_server.locations[location].sub_filter.types }}; +{% endif %} } {% endfor %} diff --git a/templates/nginx.conf.j2 b/templates/nginx.conf.j2 index 3202fe2..6dc349d 100644 --- a/templates/nginx.conf.j2 +++ b/templates/nginx.conf.j2 
@@ -99,6 +99,20 @@ http { {% if nginx_main_template.http_global_autoindex | default(false) %} autoindex on; {% endif %} +{% if nginx_main_template.sub_filter.sub_filters is defined and nginx_main_template.sub_filter.sub_filters | length %} +{% for sub_filter in nginx_main_template.sub_filter.sub_filters %} + sub_filter {{ sub_filter }}; +{% endfor %} +{% endif %} +{% if nginx_main_template.sub_filter.last_modified is defined %} + sub_filter_last_modified {{ nginx_main_template.sub_filter.last_modified | ternary("on", "off") }}; +{% endif %} +{% if nginx_main_template.sub_filter.once is defined %} + sub_filter_once {{ nginx_main_template.sub_filter.once | ternary("on", "off") }}; +{% endif %} +{% if nginx_main_template.sub_filter.types is defined and nginx_main_template.sub_filter.types %} + sub_filter_types {{ nginx_main_template.sub_filter.types }}; +{% endif %} {% if nginx_main_template.http_custom_options is defined and nginx_main_template.http_custom_options | length %} {% for inline_option in nginx_main_template.http_custom_options %} {{ inline_option }};
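Review bot: The `sub_filter_last_modified`, `sub_filter_once` and `sub_filter_types` blocks are guarded only by `is defined`, and the shipped defaults in defaults/main/template.yml now define all three, so the `http` block would carry these directives even when no `sub_filters` entry is configured. ngx_http_sub_module is not part of a default source build (it needs `--with-http_sub_module`), so on such a binary nginx would reject the rendered config with an unknown-directive error although the feature is unused. Moving the `{% endif %}` that closes the `sub_filters | length` test to after the `sub_filter_types` block, so that all four directives depend on a non-empty list, leaves the output unchanged for anyone not using the module. The `http` block continues outside the hunk.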