mirror of
https://github.com/bunkerity/bunkerized-nginx
synced 2023-12-13 21:30:18 +01:00
fix concepts image in doc, revert clientcache update and refactor headers
parent
ad45bbb4d7
commit
d59b305f1e
|
@ -14,6 +14,7 @@
|
|||
- [BUGFIX] Fix UI not working in Ubuntu (python zope module)
|
||||
- [BUGFIX] Patch ModSecurity to run it after LUA code (should fix whitelist problems)
|
||||
- [BUGFIX] Custom configurations from env were not being deleted properly
|
||||
- [BUGFIX] Fix concepts image not displayed in the documentation
|
||||
- [PERFORMANCE] Reduce CPU and RAM usage of scheduler
|
||||
- [PERFORMANCE] Cache ngx.ctx instead of loading it each time
|
||||
- [PERFORMANCE] Use per-worker LRU cache for common RO LUA values
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
# Concepts
|
||||
|
||||
<figure markdown>
|
||||
![Overwiew](assets/img/concepts.svg){ align=center }
|
||||
![Overwiew](assets/img/concepts.svg){ align=center, width="600" }
|
||||
</figure>
|
||||
|
||||
## Integrations
|
||||
|
|
|
@ -48,7 +48,7 @@ function antibot:header()
|
|||
end
|
||||
|
||||
local header = "Content-Security-Policy"
|
||||
if utils.get_variable("CONTENT_SECURITY_POLICY_REPORT_ONLY", true) == "yes" then
|
||||
if self.variables["CONTENT_SECURITY_POLICY_REPORT_ONLY"] == "yes" then
|
||||
header = header .. "-Report-Only"
|
||||
end
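Review bot: The new lookup `self.variables["CONTENT_SECURITY_POLICY_REPORT_ONLY"]` only works if that key is loaded into the antibot plugin's `self.variables`, and the code that fills this table is not visible in this hunk. The same key is read in the headers plugin elsewhere in this commit, so it may be a headers setting. If `self.variables` holds only a plugin's own settings, the lookup yields nil and the comparison is always false, so the antibot page would always send an enforcing `Content-Security-Policy` and silently ignore report-only mode. I would confirm where the table is populated and record it in a comment such as `-- requires CONTENT_SECURITY_POLICY_REPORT_ONLY to be loaded into self.variables for antibot`. `antibot:header()` starts and ends outside the hunk.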
|
||||
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
{% if USE_CLIENT_CACHE == "yes" +%}
|
||||
add_header Cache-Control $cache_control;
|
||||
{% if CLIENT_CACHE_ETAG == "yes" and SERVE_FILES == "yes" and USE_REVERSE_PROXY == "no" +%}
|
||||
etag on;
|
||||
{% else +%}
|
||||
|
|
|
@ -17,7 +17,7 @@
|
|||
"CUSTOM_SSL_CERT": {
|
||||
"context": "multisite",
|
||||
"default": "",
|
||||
"help": "Full path of the certificate or bundle file.",
|
||||
"help": "Full path of the certificate or bundle file (must be readable by the scheduler).",
|
||||
"id": "custom-https-cert",
|
||||
"label": "Certificate path",
|
||||
"regex": "^(/[\\w. -]+)*/?$",
|
||||
|
@ -26,7 +26,7 @@
|
|||
"CUSTOM_SSL_KEY": {
|
||||
"context": "multisite",
|
||||
"default": "",
|
||||
"help": "Full path of the key file.",
|
||||
"help": "Full path of the key file (must be readable by the scheduler).",
|
||||
"id": "custom-https-key",
|
||||
"label": "Key path",
|
||||
"regex": "^(/[\\w. -]+)*/?$",
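Review bot: The new help text for `CUSTOM_SSL_KEY` says only that the key file must be readable by the scheduler, which an operator could satisfy by making the private key world-readable. I would state the least-privilege expectation in the same string, for example `"help": "Full path of the key file (must be readable by the scheduler, and should not be readable by other users)."`. The certificate help text in the first hunk is fine as written, since the certificate is public material.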
|
||||
|
|
|
@ -17,15 +17,65 @@ function headers:initialize()
|
|||
["X_CONTENT_TYPE_OPTIONS"] = "X-Content-Type-Options",
|
||||
["X_XSS_PROTECTION"] = "X-XSS-Protection"
|
||||
}
|
||||
-- Load data from datastore if needed
|
||||
if ngx.get_phase() ~= "init" then
|
||||
-- Get custom headers from datastore
|
||||
local custom_headers, err = self.datastore:get("plugin_headers_custom_headers", true)
|
||||
if not custom_headers then
|
||||
self.logger:log(ngx.ERR, err)
|
||||
return
|
||||
end
|
||||
self.custom_headers = {}
|
||||
-- Extract global headers
|
||||
if custom_headers.global then
|
||||
for k, v in pairs(custom_headers.global) do
|
||||
self.custom_headers[k] = v
|
||||
end
|
||||
end
|
||||
-- Extract and overwrite if needed server headers
|
||||
if custom_headers[self.ctx.bw.server_name] then
|
||||
for k, v in pairs(custom_headers[self.ctx.bw.server_name]) do
|
||||
self.custom_headers[k] = v
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
function headers:init()
|
||||
-- Get variables
|
||||
local variables, err = utils.get_multiple_variables({ "CUSTOM_HEADER" })
|
||||
if variables == nil then
|
||||
return self:ret(false, err)
|
||||
end
|
||||
-- Store custom headers name and value
|
||||
local data = {}
|
||||
local i = 0
|
||||
for srv, vars in pairs(variables) do
|
||||
for var, value in pairs(vars) do
|
||||
if data[srv] == nil then
|
||||
data[srv] = {}
|
||||
end
|
||||
local m = utils.regex_match(value, "([\\w-]+): ([^,]+)")
|
||||
if m then
|
||||
data[srv][m[1]] = m[2]
|
||||
end
|
||||
i = i + 1
|
||||
end
|
||||
end
|
||||
local ok, err = self.datastore:set("plugin_headers_custom_headers", data, nil, true)
|
||||
if not ok then
|
||||
return self:ret(false, err)
|
||||
end
|
||||
return self:ret(true, "successfully loaded " .. tostring(i) .. " custom headers")
|
||||
end
|
||||
|
||||
function headers:header()
|
||||
-- Override upstream headers if needed
|
||||
local ssl = utils.get_variable("AUTO_LETS_ENCRYPT", true) == "yes" or
|
||||
utils.get_variable("USE_CUSTOM_SSL", true) == "yes" or
|
||||
utils.get_variable("GENERATE_SELF_SIGNED_SSL", true) == "yes"
|
||||
local ssl = self.variables["AUTO_LETS_ENCRYPT"] == "yes" or
|
||||
self.variables["USE_CUSTOM_SSL"] == "yes" or
|
||||
self.variables["GENERATE_SELF_SIGNED_SSL"] == "yes"
|
||||
for variable, header in pairs(self.all_headers) do
|
||||
if ngx.header[header] == nil or self.variables[variable] and self.variables["KEEP_UPSTREAM_HEADERS"] ~= "*" and utils.regex_match(self.variables["KEEP_UPSTREAM_HEADERS"], "(^| )" .. header .. "($| )") == nil then
|
||||
if ngx.header[header] == nil or (self.variables[variable] ~= "" and self.variables["KEEP_UPSTREAM_HEADERS"] ~= "*" and utils.regex_match(self.variables["KEEP_UPSTREAM_HEADERS"], "(^| )" .. header .. "($| )") == nil) then
|
||||
if (header ~= "Strict-Transport-Security" or ssl) then
|
||||
if header == "Content-Security-Policy" and self.variables["CONTENT_SECURITY_POLICY_REPORT_ONLY"] == "yes" then
|
||||
ngx.header["Content-Security-Policy-Report-Only"] = self.variables[variable]
|
||||
|
@ -35,43 +85,17 @@ function headers:header()
|
|||
end
|
||||
end
|
||||
end
|
||||
-- Get variables
|
||||
local variables, err = utils.get_multiple_variables({ "CUSTOM_HEADER" })
|
||||
if variables == nil then
|
||||
return self:ret(false, err)
|
||||
end
|
||||
-- Add custom headers
|
||||
for srv, vars in pairs(variables) do
|
||||
if srv == self.ctx.bw.server_name or srv == "global" then
|
||||
for var, value in pairs(vars) do
|
||||
if utils.regex_match(var, "CUSTOM_HEADER") and value then
|
||||
local m = utils.regex_match(value, "([\\w-]+): ([^,]+)")
|
||||
if m then
|
||||
ngx.header[m[1]] = m[2]
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
for header, value in pairs(self.custom_headers) do
|
||||
ngx.header[header] = value
|
||||
end
|
||||
-- Remove headers
|
||||
if self.variables["REMOVE_HEADERS"] ~= "" then
|
||||
local iterator, err = ngx.re.gmatch(self.variables["REMOVE_HEADERS"], "([\\w-]+)")
|
||||
if not iterator then
|
||||
return self:ret(false, "Error while matching remove headers: " .. err)
|
||||
end
|
||||
while true do
|
||||
local m, err = iterator()
|
||||
if err then
|
||||
return self:ret(false, "Error while matching remove headers: " .. err)
|
||||
end
|
||||
if not m then
|
||||
-- No more remove headers
|
||||
break
|
||||
end
|
||||
ngx.header[m[1]] = nil
|
||||
for header in self.variables["REMOVE_HEADERS"]:gmatch("%S+") do
|
||||
ngx.header[header] = nil
|
||||
end
|
||||
end
|
||||
return self:ret(true, "Edited headers for request")
|
||||
return self:ret(true, "edited headers for request")
|
||||
end
|
||||
|
||||
return headers
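Review bot: `headers:initialize()` returns early when `self.datastore:get("plugin_headers_custom_headers", true)` fails, before `self.custom_headers = {}` runs. The new loop `for header, value in pairs(self.custom_headers) do` in `headers:header()` would then raise on a nil table. That loop sits ahead of the REMOVE_HEADERS block, so the error would also skip header removal, and the headers the operator wanted stripped would stay on the response. Moving `self.custom_headers = {}` above the datastore lookup keeps the header phase working when the lookup fails. Separately, `headers:init()` increments `i` even when the regex does not match, so the "successfully loaded" count can be overstated; `i = i + 1` belongs inside `if m then`. Both `initialize()` and `header()` extend outside the visible hunks.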
|
||||
|
|