From a8dfb5b7dfa8aa9f52f669c6f97e725f4080e46d Mon Sep 17 00:00:00 2001 From: Philip Henning Date: Mon, 15 Jul 2019 14:49:10 +0200 Subject: [PATCH] Add proxy_hide-header directive (#144) * Add proxy_hide-header directive * Add proxy_hide_headers to tests * Add comment's also to defaults/main.yml --- README.md | 3 +++ defaults/main.yml | 3 +++ templates/http/default.conf.j2 | 15 +++++++++++++++ tests/playbooks/nginx-http-template.yml | 6 ++++++ 4 files changed, 27 insertions(+) diff --git a/README.md b/README.md index 76f00b0..6094537 100644 --- a/README.md +++ b/README.md @@ -371,6 +371,7 @@ nginx_http_template: #auth_request_set: #name: $auth_user #value: $upstream_http_x_user + proxy_hide_headers: [] # A list of headers which shouldn't be passed to the application add_headers: strict_transport_security: name: Strict-Transport-Security @@ -397,6 +398,7 @@ nginx_http_template: locations: default: location: / + proxy_hide_headers: [] # A list of headers which shouldn't be passed to the application add_headers: strict_transport_security: name: Strict-Transport-Security @@ -444,6 +446,7 @@ nginx_http_template: locations: backend: location: / + proxy_hide_headers: [] # A list of headers which shouldn't be passed to the application add_headers: strict_transport_security: name: Strict-Transport-Security diff --git a/defaults/main.yml b/defaults/main.yml index a2859dc..5b34c44 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -183,6 +183,7 @@ nginx_http_template: #auth_request_set: #name: $auth_user #value: $upstream_http_x_user + proxy_hide_headers: [] # A list of headers which shouldn't be passed to the application add_headers: strict_transport_security: name: Strict-Transport-Security @@ -209,6 +210,7 @@ nginx_http_template: locations: default: location: / + proxy_hide_headers: [] # A list of headers which shouldn't be passed to the application add_headers: strict_transport_security: name: Strict-Transport-Security 
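Review bot: The inline comment added in defaults/main.yml, `# A list of headers which shouldn't be passed to the application`, describes the opposite direction from what nginx's `proxy_hide_header` does. The directive stops response header fields from the proxied server being passed on to the client; it does not filter request headers on their way to the backend. An operator reading the comment could believe client-supplied headers are stripped before they reach the application. I would reword it to `# Response headers from the proxied server that nginx must not pass to the client` in all three defaults/main.yml hunks and in the matching README.md examples.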
@@ -256,6 +258,7 @@ nginx_http_template: locations: backend: location: / + proxy_hide_headers: [] # A list of headers which shouldn't be passed to the application add_headers: strict_transport_security: name: Strict-Transport-Security diff --git a/templates/http/default.conf.j2 b/templates/http/default.conf.j2 index b6667be..e5105bc 100644 --- a/templates/http/default.conf.j2 +++ b/templates/http/default.conf.j2 @@ -91,6 +91,11 @@ server { listen {{ item.value.port }}; {% endif %} server_name {{ item.value.server_name | default('localhost') }}; +{% if item.value.proxy_hide_headers is defined %} +{% for header in item.value.proxy_hide_headers %} + proxy_hide_header {{ header }}; +{% endfor %} +{% endif %} {% if item.value.add_headers is defined %} {% for header in item.value.add_headers %} add_header {{ item.value.add_headers[header].name }} "{{ item.value.add_headers[header].value }}"{% if item.value.add_headers[header].always is defined and item.value.add_headers[header].always %} always{% endif %}; @@ -127,6 +132,11 @@ server { {% if item.value.reverse_proxy.locations[location].internal is sameas true %} internal; {% endif %} +{% if item.value.reverse_proxy.locations[location].proxy_hide_headers is defined %} +{% for header in item.value.reverse_proxy.locations[location].proxy_hide_headers %} + proxy_hide_header {{ header }}; +{% endfor %} +{% endif %} {% if item.value.reverse_proxy.locations[location].add_headers is defined %} {% for header in item.value.reverse_proxy.locations[location].add_headers %} add_header {{ item.value.reverse_proxy.locations[location].add_headers[header].name }} "{{ item.value.reverse_proxy.locations[location].add_headers[header].value }}"{% if item.value.reverse_proxy.locations[location].add_headers[header].always is defined and item.value.reverse_proxy.locations[location].add_headers[header].always %} always{% endif %}; 
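Review bot: `proxy_hide_header {{ header }};` in the server-level hunk writes each list item into the config unquoted and unvalidated, so an item containing whitespace, `;`, braces or a newline would render as additional nginx configuration instead of a header name. The values normally come from operator-controlled inventory, but they can also arrive from shared group_vars or generated data, and the neighbouring `add_header` line at least quotes its value. I would quote the item, `proxy_hide_header "{{ header }}";`, and, since quoting alone does not stop a value containing `"`, fail the play before templating when an item does not match a header-name pattern such as `^[A-Za-z0-9_-]+$`. The same line is added in the reverse_proxy and web_server location hunks; the enclosing server block starts and ends outside this hunk.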
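Review bot: The location-level loop in the reverse_proxy hunk interacts with the server-level loop added above it in a way neither the README nor the defaults mention. As far as I know, nginx inherits `proxy_hide_header` from the enclosing level only when the current level defines none, so a non-empty location list replaces the server list rather than extending it. A server that hides `X-Powered-By` would then start passing it again from any location that sets its own `proxy_hide_headers` for a different header. Either document this next to the variable, e.g. `# a location-level list replaces, not extends, the server-level list`, or render the union of the server and location lists inside the location. The enclosing location block begins and ends outside the hunk.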
@@ -266,6 +276,11 @@ server { {% if item.value.web_server.locations[location].try_files is defined %} try_files {{ item.value.web_server.locations[location].try_files }}; {% endif %} +{% if item.value.web_server.locations[location].proxy_hide_headers is defined %} +{% for header in item.value.web_server.locations[location].proxy_hide_headers %} + proxy_hide_header {{ header }}; +{% endfor %} +{% endif %} {% if item.value.web_server.locations[location].add_headers is defined %} {% for header in item.value.web_server.locations[location].add_headers %} add_header {{ item.value.web_server.locations[location].add_headers[header].name }} "{{ item.value.web_server.locations[location].add_headers[header].value }}"{% if item.value.web_server.locations[location].add_headers[header].always is defined and item.value.web_server.locations[location].add_headers[header].always %} always{% endif %}; diff --git a/tests/playbooks/nginx-http-template.yml b/tests/playbooks/nginx-http-template.yml index 4e482ef..6a4eb3b 100644 --- a/tests/playbooks/nginx-http-template.yml +++ b/tests/playbooks/nginx-http-template.yml @@ -15,6 +15,8 @@ port: 80 server_name: localhost error_page: /usr/share/nginx/html + proxy_hide_headers: + - X-Powered-By add_headers: strict_transport_security: name: Strict-Transport-Security @@ -51,6 +53,8 @@ locations: frontend: location: / + proxy_hide_headers: + - X-Powered-By add_headers: strict_transport_security: name: Strict-Transport-Security @@ -152,6 +156,8 @@ locations: frontend_site: location: / + proxy_hide_headers: + - X-Powered-By html_file_location: /usr/share/nginx/html html_file_name: frontend_index.html autoindex: false
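Review bot: In the web_server location hunk the rendered `proxy_hide_header` lines act only on responses nginx receives from a proxied upstream. From the visible context (`try_files`, `html_file_location`, `autoindex`) these locations appear to serve files from disk, where the directive does nothing. Accepting `proxy_hide_headers` here, and exercising it with `X-Powered-By` on `frontend_site` in the test playbook, implies a header is being suppressed when it may not be. I would either drop the option from web_server locations or state the limit where the variable is documented, e.g. `# only affects proxied responses; no effect on files served directly by this location`. The location block starts and ends outside the hunk.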