sebclem/ansible-role-nginx
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Add proxy_hide-header directive (#144)

Browse Source 
* Add proxy_hide-header directive

* Add proxy_hide_headers to tests

* Add comment's also to defaults/main.yml
This commit is contained in:
Philip Henning 2019-07-15 14:49:10 +02:00 committed by Alessandro Fael Garcia
parent f5f3a65fd8
commit a8dfb5b7df
4 changed files with 27 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
README.md
View File

@ -371,6 +371,7 @@ nginx_http_template:
#auth_request_set: #auth_request_set:
#name: $auth_user #name: $auth_user
#value: $upstream_http_x_user #value: $upstream_http_x_user
proxy_hide_headers: [] # A list of headers which shouldn't be passed to the application
add_headers: add_headers:
strict_transport_security: strict_transport_security:
name: Strict-Transport-Security name: Strict-Transport-Security
@ -397,6 +398,7 @@ nginx_http_template:
locations: locations:
default: default:
location: / location: /
proxy_hide_headers: [] # A list of headers which shouldn't be passed to the application
add_headers: add_headers:
strict_transport_security: strict_transport_security:
name: Strict-Transport-Security name: Strict-Transport-Security
@ -444,6 +446,7 @@ nginx_http_template:
locations: locations:
backend: backend:
location: / location: /
proxy_hide_headers: [] # A list of headers which shouldn't be passed to the application
add_headers: add_headers:
strict_transport_security: strict_transport_security:
name: Strict-Transport-Security name: Strict-Transport-Security

3
defaults/main.yml
View File

@ -183,6 +183,7 @@ nginx_http_template:
#auth_request_set: #auth_request_set:
#name: $auth_user #name: $auth_user
#value: $upstream_http_x_user #value: $upstream_http_x_user
proxy_hide_headers: [] # A list of headers which shouldn't be passed to the application
add_headers: add_headers:
strict_transport_security: strict_transport_security:
name: Strict-Transport-Security name: Strict-Transport-Security
@ -209,6 +210,7 @@ nginx_http_template:
locations: locations:
default: default:
location: / location: /
proxy_hide_headers: [] # A list of headers which shouldn't be passed to the application
add_headers: add_headers:
strict_transport_security: strict_transport_security:
name: Strict-Transport-Security name: Strict-Transport-Security
@ -256,6 +258,7 @@ nginx_http_template:
locations: locations:
backend: backend:
location: / location: /
proxy_hide_headers: [] # A list of headers which shouldn't be passed to the application
add_headers: add_headers:
strict_transport_security: strict_transport_security:
name: Strict-Transport-Security name: Strict-Transport-Security

15
templates/http/default.conf.j2
View File

@ -91,6 +91,11 @@ server {
listen {{ item.value.port }}; listen {{ item.value.port }};
{% endif %} {% endif %}
server_name {{ item.value.server_name | default('localhost') }}; server_name {{ item.value.server_name | default('localhost') }};
{% if item.value.proxy_hide_headers is defined %}
{% for header in item.value.proxy_hide_headers %}
proxy_hide_header {{ header }};
{% endfor %}
{% endif %}
{% if item.value.add_headers is defined %} {% if item.value.add_headers is defined %}
{% for header in item.value.add_headers %} {% for header in item.value.add_headers %}
add_header {{ item.value.add_headers[header].name }} "{{ item.value.add_headers[header].value }}"{% if item.value.add_headers[header].always is defined and item.value.add_headers[header].always %} always{% endif %}; add_header {{ item.value.add_headers[header].name }} "{{ item.value.add_headers[header].value }}"{% if item.value.add_headers[header].always is defined and item.value.add_headers[header].always %} always{% endif %};
@ -127,6 +132,11 @@ server {
{% if item.value.reverse_proxy.locations[location].internal is sameas true %} {% if item.value.reverse_proxy.locations[location].internal is sameas true %}
internal; internal;
{% endif %} {% endif %}
{% if item.value.reverse_proxy.locations[location].proxy_hide_headers is defined %}
{% for header in item.value.reverse_proxy.locations[location].proxy_hide_headers %}
proxy_hide_header {{ header }};
{% endfor %}
{% endif %}
{% if item.value.reverse_proxy.locations[location].add_headers is defined %} {% if item.value.reverse_proxy.locations[location].add_headers is defined %}
{% for header in item.value.reverse_proxy.locations[location].add_headers %} {% for header in item.value.reverse_proxy.locations[location].add_headers %}
add_header {{ item.value.reverse_proxy.locations[location].add_headers[header].name }} "{{ item.value.reverse_proxy.locations[location].add_headers[header].value }}"{% if item.value.reverse_proxy.locations[location].add_headers[header].always is defined and item.value.reverse_proxy.locations[location].add_headers[header].always %} always{% endif %}; add_header {{ item.value.reverse_proxy.locations[location].add_headers[header].name }} "{{ item.value.reverse_proxy.locations[location].add_headers[header].value }}"{% if item.value.reverse_proxy.locations[location].add_headers[header].always is defined and item.value.reverse_proxy.locations[location].add_headers[header].always %} always{% endif %};
@ -266,6 +276,11 @@ server {
{% if item.value.web_server.locations[location].try_files is defined %} {% if item.value.web_server.locations[location].try_files is defined %}
try_files {{ item.value.web_server.locations[location].try_files }}; try_files {{ item.value.web_server.locations[location].try_files }};
{% endif %} {% endif %}
{% if item.value.web_server.locations[location].proxy_hide_headers is defined %}
{% for header in item.value.web_server.locations[location].proxy_hide_headers %}
proxy_hide_header {{ header }};
{% endfor %}
{% endif %}
{% if item.value.web_server.locations[location].add_headers is defined %} {% if item.value.web_server.locations[location].add_headers is defined %}
{% for header in item.value.web_server.locations[location].add_headers %} {% for header in item.value.web_server.locations[location].add_headers %}
add_header {{ item.value.web_server.locations[location].add_headers[header].name }} "{{ item.value.web_server.locations[location].add_headers[header].value }}"{% if item.value.web_server.locations[location].add_headers[header].always is defined and item.value.web_server.locations[location].add_headers[header].always %} always{% endif %}; add_header {{ item.value.web_server.locations[location].add_headers[header].name }} "{{ item.value.web_server.locations[location].add_headers[header].value }}"{% if item.value.web_server.locations[location].add_headers[header].always is defined and item.value.web_server.locations[location].add_headers[header].always %} always{% endif %};

6
tests/playbooks/nginx-http-template.yml
View File

@ -15,6 +15,8 @@
port: 80 port: 80
server_name: localhost server_name: localhost
error_page: /usr/share/nginx/html error_page: /usr/share/nginx/html
proxy_hide_headers:
- X-Powered-By
add_headers: add_headers:
strict_transport_security: strict_transport_security:
name: Strict-Transport-Security name: Strict-Transport-Security
@ -51,6 +53,8 @@
locations: locations:
frontend: frontend:
location: / location: /
proxy_hide_headers:
- X-Powered-By
add_headers: add_headers:
strict_transport_security: strict_transport_security:
name: Strict-Transport-Security name: Strict-Transport-Security
@ -152,6 +156,8 @@
locations: locations:
frontend_site: frontend_site:
location: / location: /
proxy_hide_headers:
- X-Powered-By
html_file_location: /usr/share/nginx/html html_file_location: /usr/share/nginx/html
html_file_name: frontend_index.html html_file_name: frontend_index.html
autoindex: false autoindex: false