Unhardcode proxy_set_header
This patch removes the hard-coded proxy_set_header options from the proxy template.
The default behaviour is kept. Headers may be passed via the following
pillar in the site definition:
nginx:
server:
site:
abc:
type: nginx_proxy
proxy_set_header:
My-Header:
enabled: true
value: '"MyValue"'
Related-Prod: PROD-23522
Change-Id: I8108b7ca0deab6b0c79a764beec3ca90e39d3f17
diff --git a/README.rst b/README.rst
index 8c08775..927eaaf 100644
--- a/README.rst
+++ b/README.rst
@@ -472,6 +472,33 @@
always: true
enabled: true
+Setting custom proxy headers:
+
+.. code-block:: yaml
+
+ nginx:
+ server:
+ enabled: true
+ site:
+ custom_headers:
+ type: nginx_proxy
+ proxy_set_header:
+ Host:
+ enabled: true
+ value: "$host:8774"
+ X-Real-IP:
+ enabled: true
+ value: '$remote_addr'
+ X-Forwarded-For:
+ enabled: true
+ value: '$proxy_add_x_forwarded_for'
+ X-Forwarded-Proto:
+ enabled: true
+ value: '$scheme'
+ X-Forwarded-Port:
+ enabled: true
+ value: '$server_port'
+
Nginx stats server (required by collectd nginx plugin):
.. code-block:: yaml
diff --git a/nginx/files/proxy.conf b/nginx/files/proxy.conf
index 6687ad5..e2036f0 100644
--- a/nginx/files/proxy.conf
+++ b/nginx/files/proxy.conf
@@ -93,23 +93,39 @@
proxy_http_version 1.1;
{%- if location.get('headers', True) %}
- proxy_set_header Host $host{% if site.host.port is defined and site.host.port not in [80,443] %}:{{ site.host.port }}{% endif %};
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_set_header X-Forwarded-Host $host{% if site.host.port is defined and site.host.port not in [80,443] %}:{{ site.host.port }}{% endif %};
- proxy_set_header X-Forwarded-Server $host;
- proxy_set_header X-Forwarded-Port $server_port;
+ {%- set host_port = "$host:" + site.host.port|string if site.host.port is defined and site.host.port not in [80,443] else "$host" %}
+ {%-
+ set default_proxy_headers = {
+ 'Host': {'enabled': True, 'value': host_port},
+ 'X-Real-IP': {'enabled': True, 'value': '$remote_addr'},
+ 'X-Forwarded-For': {'enabled': True, 'value':'$proxy_add_x_forwarded_for'},
+ 'X-Forwarded-Proto': {'enabled': True, 'value': '$scheme'},
+ 'X-Forwarded-Host': {'enabled': True, 'value': host_port},
+ 'X-Forwarded-Server': {'enabled': True, 'value': '$host'},
+ 'X-Forwarded-Port': {'enabled': True, 'value': '$server_port'}
+ }
+ %}
+ {%- if location.websocket is defined %}
+ {%- do default_proxy_headers.update({'Upgrade': {'enabled': True, 'value': '$http_upgrade'},
+ 'Connection': {'enabled': True, 'value': "upgrade"}}) %}
+ {%- endif %}
- {%- if site.get('ssl', {'enabled': False}).get('enabled', False) %}
+ {%- if site.proxy_set_header is defined %}
+ {%- set headers_dict = site.proxy_set_header %}
+ {%- else %}
+ {%- set headers_dict = default_proxy_headers %}
+ {%- endif %}
+
+ {%- for name,header in headers_dict.iteritems() %}
+ {%- if header.enabled %}
+ proxy_set_header {{ name }} {{ header.value }};
+ {%- endif %}
+ {%- endfor %}
+
+ {%- if site.get('ssl', {'enabled': False}).get('enabled', False) %}
add_header Front-End-Https on;
- {{ strict_transport_security(site) | indent(6) }}
- {%- endif %}
-
- {%- if location.websocket is defined %}
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- {%- endif %}
+ {{ strict_transport_security(site) | indent(6) }}
+ {%- endif %}
{%- endif %}
{%- if site.get('limit', {}).get('enabled', False) %}
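Review bot: When `site.proxy_set_header` is defined, the `if`/`else` that assigns `headers_dict` replaces `default_proxy_headers` wholesale instead of overriding single entries, so a pillar that lists only one custom header (as in the commit message example) silently drops `Host`, `X-Real-IP`, `X-Forwarded-For`, `X-Forwarded-Proto` and the websocket `Upgrade`/`Connection` pair. Backends that use the forwarded headers for client-IP logging, rate limiting or scheme detection would then see only the proxy's own values, and websocket locations would stop upgrading. Merging keeps the defaults while still letting a site switch one off with `enabled: false`: `{%- set headers_dict = default_proxy_headers %}` followed by `{%- do headers_dict.update(site.get('proxy_set_header', {})) %}`. Two smaller points in the loop: `headers_dict.iteritems()` exists only on Python 2 dicts (`.items()` works on both), and `{{ name }}` / `{{ header.value }}` are written into the config unescaped, so the README should state that the pillar is trusted input and that values containing spaces or `;` must be quoted by the operator. The enclosing location block starts and ends outside this hunk.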