fix concepts image in doc, revert clientcache update and refactor headers

CHANGELOG.md

@@ -14,6 +14,7 @@
 - [BUGFIX] Fix UI not working in Ubuntu (python zope module)
 - [BUGFIX] Patch ModSecurity to run it after LUA code (should fix whitelist problems)
 - [BUGFIX] Custom configurations from env were not being deleted properly
+- [BUGFIX] Fix concepts image not displayed in the documentation
 - [PERFORMANCE] Reduce CPU and RAM usage of scheduler
 - [PERFORMANCE] Cache ngx.ctx instead of loading it each time
 - [PERFORMANCE] Use per-worker LRU cache for common RO LUA values

docs/concepts.md

@@ -1,7 +1,7 @@
 # Concepts
 
 <figure markdown>
-  ![Overwiew](assets/img/concepts.svg){ align=center }
+  ![Overwiew](assets/img/concepts.svg){ align=center, width="600" }
 </figure>
 
 ## Integrations

src/common/core/antibot/antibot.lua

@@ -48,7 +48,7 @@ function antibot:header()
 	end
 
 	local header = "Content-Security-Policy"
-	if utils.get_variable("CONTENT_SECURITY_POLICY_REPORT_ONLY", true) == "yes" then
+	if self.variables["CONTENT_SECURITY_POLICY_REPORT_ONLY"] == "yes" then
 		header = header .. "-Report-Only"
 	end
 

src/common/core/clientcache/confs/server-http/client-cache.conf

@@ -1,4 +1,5 @@
 {% if USE_CLIENT_CACHE == "yes" +%}
+add_header Cache-Control $cache_control;
 	{% if CLIENT_CACHE_ETAG == "yes" and SERVE_FILES == "yes" and USE_REVERSE_PROXY == "no" +%}
 etag on;
 	{% else +%}

src/common/core/customcert/plugin.json

@@ -17,7 +17,7 @@
     "CUSTOM_SSL_CERT": {
       "context": "multisite",
       "default": "",
-      "help": "Full path of the certificate or bundle file.",
+      "help": "Full path of the certificate or bundle file (must be readable by the scheduler).",
       "id": "custom-https-cert",
       "label": "Certificate path",
       "regex": "^(/[\\w. -]+)*/?$",
@@ -26,7 +26,7 @@
     "CUSTOM_SSL_KEY": {
       "context": "multisite",
       "default": "",
-      "help": "Full path of the key file.",
+      "help": "Full path of the key file (must be readable by the scheduler).",
       "id": "custom-https-key",
       "label": "Key path",
       "regex": "^(/[\\w. -]+)*/?$",

src/common/core/headers/headers.lua

@@ -17,15 +17,65 @@ function headers:initialize()
     ["X_CONTENT_TYPE_OPTIONS"] = "X-Content-Type-Options",
     ["X_XSS_PROTECTION"] = "X-XSS-Protection"
   }
+	-- Load data from datastore if needed
+	if ngx.get_phase() ~= "init" then
+		-- Get custom headers from datastore
+		local custom_headers, err = self.datastore:get("plugin_headers_custom_headers", true)
+		if not custom_headers then
+			self.logger:log(ngx.ERR, err)
+			return
+		end
+		self.custom_headers = {}
+		-- Extract global headers
+		if custom_headers.global then
+			for k, v in pairs(custom_headers.global) do
+				self.custom_headers[k] = v
+			end
+		end
+		-- Extract and overwrite if needed server headers
+		if custom_headers[self.ctx.bw.server_name] then
+			for k, v in pairs(custom_headers[self.ctx.bw.server_name]) do
+				self.custom_headers[k] = v
+			end
+		end
+	end
+end
+
+function headers:init()
+	-- Get variables
+	local variables, err = utils.get_multiple_variables({ "CUSTOM_HEADER" })
+	if variables == nil then
+		return self:ret(false, err)
+	end
+	-- Store custom headers name and value
+	local data = {}
+	local i = 0
+	for srv, vars in pairs(variables) do
+		for var, value in pairs(vars) do
+      if data[srv] == nil then
+        data[srv] = {}
+      end
+      local m = utils.regex_match(value, "([\\w-]+): ([^,]+)")
+      if m then
+        data[srv][m[1]] = m[2]
+      end
+      i = i + 1
+		end
+	end
+	local ok, err = self.datastore:set("plugin_headers_custom_headers", data, nil, true)
+	if not ok then
+		return self:ret(false, err)
+	end
+	return self:ret(true, "successfully loaded " .. tostring(i) .. " custom headers")
 end
 
 function headers:header()
   -- Override upstream headers if needed
-  local ssl = utils.get_variable("AUTO_LETS_ENCRYPT", true) == "yes" or
-      utils.get_variable("USE_CUSTOM_SSL", true) == "yes" or
-      utils.get_variable("GENERATE_SELF_SIGNED_SSL", true) == "yes"
+  local ssl = self.variables["AUTO_LETS_ENCRYPT"] == "yes" or
+      self.variables["USE_CUSTOM_SSL"] == "yes" or
+      self.variables["GENERATE_SELF_SIGNED_SSL"] == "yes"
   for variable, header in pairs(self.all_headers) do
-    if ngx.header[header] == nil or self.variables[variable] and self.variables["KEEP_UPSTREAM_HEADERS"] ~= "*" and utils.regex_match(self.variables["KEEP_UPSTREAM_HEADERS"], "(^| )" .. header .. "($| )") == nil then
+    if ngx.header[header] == nil or (self.variables[variable] ~= "" and self.variables["KEEP_UPSTREAM_HEADERS"] ~= "*" and utils.regex_match(self.variables["KEEP_UPSTREAM_HEADERS"], "(^| )" .. header .. "($| )") == nil) then
       if (header ~= "Strict-Transport-Security" or ssl) then
         if header == "Content-Security-Policy" and self.variables["CONTENT_SECURITY_POLICY_REPORT_ONLY"] == "yes" then
           ngx.header["Content-Security-Policy-Report-Only"] = self.variables[variable]
@@ -35,43 +85,17 @@ function headers:header()
       end
     end
   end
-  -- Get variables
-  local variables, err = utils.get_multiple_variables({ "CUSTOM_HEADER" })
-  if variables == nil then
-    return self:ret(false, err)
-  end
   -- Add custom headers
-  for srv, vars in pairs(variables) do
-    if srv == self.ctx.bw.server_name or srv == "global" then
-      for var, value in pairs(vars) do
-        if utils.regex_match(var, "CUSTOM_HEADER") and value then
-          local m = utils.regex_match(value, "([\\w-]+): ([^,]+)")
-          if m then
-            ngx.header[m[1]] = m[2]
-          end
-        end
-      end
-    end
+  for header, value in pairs(self.custom_headers) do
+    ngx.header[header] = value
   end
   -- Remove headers
   if self.variables["REMOVE_HEADERS"] ~= "" then
-    local iterator, err = ngx.re.gmatch(self.variables["REMOVE_HEADERS"], "([\\w-]+)")
-    if not iterator then
-      return self:ret(false, "Error while matching remove headers: " .. err)
-    end
-    while true do
-      local m, err = iterator()
-      if err then
-        return self:ret(false, "Error while matching remove headers: " .. err)
-      end
-      if not m then
-        -- No more remove headers
-        break
-      end
-      ngx.header[m[1]] = nil
+    for header in self.variables["REMOVE_HEADERS"]:gmatch("%S+") do
+      ngx.header[header] = nil
     end
   end
-  return self:ret(true, "Edited headers for request")
+  return self:ret(true, "edited headers for request")
 end
 
 return headers