Extend KEEP_UPSTREAM_HEADERS setting to clientcache and reverseproxy core plugins
This commit is contained in:
parent
0ca7de1de1
commit
f93dd34f67
|
@ -0,0 +1,23 @@
|
|||
local class = require "middleclass"
|
||||
local plugin = require "bunkerweb.plugin"
|
||||
local utils = require "bunkerweb.utils"
|
||||
|
||||
local clientcache = class("clientcache", plugin)
|
||||
|
||||
function clientcache:initialize()
|
||||
-- Call parent initialize
|
||||
plugin.initialize(self, "clientcache")
|
||||
end
|
||||
|
||||
function clientcache:header()
|
||||
-- Override Cache-Control header if needed
|
||||
if self.variables["USE_CLIENT_CACHE"] == "yes" then
|
||||
local keep_upstream_headers = utils.get_variable("KEEP_UPSTREAM_HEADERS")
|
||||
if ngx.header["Cache-Control"] == nil or keep_upstream_headers ~= "*" and utils.regex_match(keep_upstream_headers, "(^| )Cache-Control($| )") == nil then
|
||||
ngx.header["Cache-Control"] = ngx.var.cache_control
|
||||
end
|
||||
end
|
||||
return self:ret(true, "Success")
|
||||
end
|
||||
|
||||
return clientcache
|
|
@ -1,5 +1,4 @@
|
|||
{% if USE_CLIENT_CACHE == "yes" +%}
|
||||
add_header Cache-Control $cache_control;
|
||||
{% if CLIENT_CACHE_ETAG == "yes" and SERVE_FILES == "yes" and USE_REVERSE_PROXY == "no" +%}
|
||||
etag on;
|
||||
{% else +%}
|
||||
|
|
|
@ -1,14 +1,14 @@
|
|||
local class = require "middleclass"
|
||||
local plugin = require "bunkerweb.plugin"
|
||||
local utils = require "bunkerweb.utils"
|
||||
local class = require "middleclass"
|
||||
local plugin = require "bunkerweb.plugin"
|
||||
local utils = require "bunkerweb.utils"
|
||||
|
||||
local headers = class("headers", plugin)
|
||||
local headers = class("headers", plugin)
|
||||
|
||||
function headers:initialize()
|
||||
-- Call parent initialize
|
||||
plugin.initialize(self, "headers")
|
||||
self.all_headers = {
|
||||
["STRICT_TRANSPORT_SECURITY"] = "Strict-Transport-Security",
|
||||
-- Call parent initialize
|
||||
plugin.initialize(self, "headers")
|
||||
self.all_headers = {
|
||||
["STRICT_TRANSPORT_SECURITY"] = "Strict-Transport-Security",
|
||||
["CONTENT_SECURITY_POLICY"] = "Content-Security-Policy",
|
||||
["REFERRER_POLICY"] = "Referrer-Policy",
|
||||
["PERMISSIONS_POLICY"] = "Permissions-Policy",
|
||||
|
@ -16,24 +16,25 @@ function headers:initialize()
|
|||
["X_FRAME_OPTIONS"] = "X-Frame-Options",
|
||||
["X_CONTENT_TYPE_OPTIONS"] = "X-Content-Type-Options",
|
||||
["X_XSS_PROTECTION"] = "X-XSS-Protection"
|
||||
}
|
||||
}
|
||||
end
|
||||
|
||||
function headers:header()
|
||||
-- Override upstream headers if needed
|
||||
local ssl = utils.get_variable("AUTO_LETS_ENCRYPT") == "yes" or utils.get_variable("USE_CUSTOM_SSL") == "yes" or utils.get_variable("GENERATE_SELF_SIGNED_SSL") == "yes"
|
||||
for variable, header in pairs(self.all_headers) do
|
||||
-- Override upstream headers if needed
|
||||
local ssl = utils.get_variable("AUTO_LETS_ENCRYPT") == "yes" or utils.get_variable("USE_CUSTOM_SSL") == "yes" or
|
||||
utils.get_variable("GENERATE_SELF_SIGNED_SSL") == "yes"
|
||||
for variable, header in pairs(self.all_headers) do
|
||||
if ngx.header[header] == nil or self.variables[variable] and self.variables["KEEP_UPSTREAM_HEADERS"] ~= "*" and utils.regex_match(self.variables["KEEP_UPSTREAM_HEADERS"], "(^| )" .. header .. "($| )") == nil then
|
||||
if header ~= "Strict-Transport-Security" or ssl then
|
||||
ngx.header[header] = self.variables[variable]
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
-- Get variables
|
||||
local variables, err = utils.get_multiple_variables({ "CUSTOM_HEADER" })
|
||||
local variables, err = utils.get_multiple_variables({ "CUSTOM_HEADER" })
|
||||
if variables == nil then
|
||||
return self:ret(false, err)
|
||||
end
|
||||
return self:ret(false, err)
|
||||
end
|
||||
-- Add custom headers
|
||||
for srv, vars in pairs(variables) do
|
||||
if srv == ngx.ctx.bw.server_name then
|
||||
|
@ -51,21 +52,21 @@ function headers:header()
|
|||
if self.variables["REMOVE_HEADERS"] ~= "" then
|
||||
local iterator, err = ngx.re.gmatch(self.variables["REMOVE_HEADERS"], "([\\w-]+)")
|
||||
if not iterator then
|
||||
return self:ret(false, "Error while matching remove headers: " .. err)
|
||||
return self:ret(false, "Error while matching remove headers: " .. err)
|
||||
end
|
||||
while true do
|
||||
local m, err = iterator()
|
||||
if err then
|
||||
return self:ret(false, "Error while matching remove headers: " .. err)
|
||||
return self:ret(false, "Error while matching remove headers: " .. err)
|
||||
end
|
||||
if not m then
|
||||
-- No more remove headers
|
||||
break
|
||||
-- No more remove headers
|
||||
break
|
||||
end
|
||||
ngx.header[m[1]] = nil
|
||||
end
|
||||
end
|
||||
return self:ret(true, "Edited headers for request")
|
||||
return self:ret(true, "Edited headers for request")
|
||||
end
|
||||
|
||||
return headers
|
||||
|
|
|
@ -17,7 +17,6 @@ proxy_cache_bypass {{ PROXY_CACHE_BYPASS }};
|
|||
{% for element in PROXY_CACHE_VALID.split(" ") +%}
|
||||
proxy_cache_valid {{ element.split("=")[0] }} {{ element.split("=")[1] }};
|
||||
{% endfor %}
|
||||
add_header X-Proxy-Cache $upstream_cache_status;
|
||||
{% endif %}
|
||||
|
||||
{% endif %}
|
||||
|
@ -29,7 +28,6 @@ add_header X-Proxy-Cache $upstream_cache_status;
|
|||
{% set host = all[k.replace("URL", "HOST")] if k.replace("URL", "HOST") in all else "" %}
|
||||
{% set ws = all[k.replace("URL", "WS")] if k.replace("URL", "WS") in all else "" %}
|
||||
{% set headers = all[k.replace("URL", "HEADERS")] if k.replace("URL", "HEADERS") in all else "" %}
|
||||
{% set headers_client = all[k.replace("URL", "HEADERS_CLIENT")] if k.replace("URL", "HEADERS_CLIENT") in all else "" %}
|
||||
{% set buffering = all[k.replace("URL", "BUFFERING")] if k.replace("URL", "BUFFERING") in all else "yes" %}
|
||||
{% set keepalive = all[k.replace("URL", "KEEPALIVE")] if k.replace("URL", "KEEPALIVE") in all else "yes" %}
|
||||
{% set auth_request = all[k.replace("URL", "AUTH_REQUEST")] if k.replace("URL", "AUTH_REQUEST") in all else "" %}
|
||||
|
@ -77,11 +75,6 @@ location {{ url }} {% raw %}{{% endraw +%}
|
|||
proxy_set_header {{ header }};
|
||||
{% endfor +%}
|
||||
{% endif +%}
|
||||
{% if headers_client != "" +%}
|
||||
{% for header_client in headers_client.split(";") +%}
|
||||
add_header {{ header_client }};
|
||||
{% endfor +%}
|
||||
{% endif +%}
|
||||
proxy_connect_timeout {{ connect_timeout }};
|
||||
proxy_read_timeout {{ read_timeout }};
|
||||
proxy_send_timeout {{ send_timeout }};
|
||||
|
|
|
@ -0,0 +1,49 @@
|
|||
local class = require "middleclass"
|
||||
local plugin = require "bunkerweb.plugin"
|
||||
local utils = require "bunkerweb.utils"
|
||||
|
||||
local reverseproxy = class("reverseproxy", plugin)
|
||||
|
||||
function reverseproxy:initialize()
|
||||
-- Call parent initialize
|
||||
plugin.initialize(self, "reverseproxy")
|
||||
end
|
||||
|
||||
function reverseproxy:header()
|
||||
-- Set proxy cache header if needed
|
||||
if self.variables["USE_PROXY_CACHE"] == "yes" and self.variables["PROXY_CACHE_VALID"] ~= "" then
|
||||
ngx.header["X-Proxy-Cache"] = ngx.var.upstream_cache_status
|
||||
end
|
||||
-- Get variables
|
||||
local variables, err = utils.get_multiple_variables({ "REVERSE_PROXY_HEADERS_CLIENT" })
|
||||
if variables == nil then
|
||||
return self:ret(false, err)
|
||||
end
|
||||
-- Add reverseproxy client headers
|
||||
for srv, vars in pairs(variables) do
|
||||
if srv == ngx.ctx.bw.server_name then
|
||||
for var, value in pairs(vars) do
|
||||
if utils.regex_match(var, "REVERSE_PROXY_HEADERS_CLIENT") and value then
|
||||
local iterator, err = ngx.re.gmatch(value, "([\\w-]+) ([^;]+)")
|
||||
if not iterator then
|
||||
return self:ret(false, "Error while matching reverseproxy client headers: " .. err .. " - " .. value)
|
||||
end
|
||||
while true do
|
||||
local m, err = iterator()
|
||||
if err then
|
||||
return self:ret(false, "Error while matching reverseproxy client headers: " .. err .. " - " .. value)
|
||||
end
|
||||
if not m then
|
||||
-- No more matches
|
||||
break
|
||||
end
|
||||
ngx.header[m[1]] = m[2]
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
return self:ret(true, "Success")
|
||||
end
|
||||
|
||||
return reverseproxy
|
Loading…
Reference in New Issue