Extend KEEP_UPSTREAM_HEADERS setting to clientcache and reverseproxy core plugins

src/common/core/clientcache/clientcache.lua

@@ -0,0 +1,23 @@
+local class       = require "middleclass"
+local plugin      = require "bunkerweb.plugin"
+local utils       = require "bunkerweb.utils"
+
+local clientcache = class("clientcache", plugin)
+
+function clientcache:initialize()
+  -- Call parent initialize
+  plugin.initialize(self, "clientcache")
+end
+
+function clientcache:header()
+  -- Override Cache-Control header if needed
+  if self.variables["USE_CLIENT_CACHE"] == "yes" then
+    local keep_upstream_headers = utils.get_variable("KEEP_UPSTREAM_HEADERS")
+    if ngx.header["Cache-Control"] == nil or keep_upstream_headers ~= "*" and utils.regex_match(keep_upstream_headers, "(^| )Cache-Control($| )") == nil then
+      ngx.header["Cache-Control"] = ngx.var.cache_control
+    end
+  end
+  return self:ret(true, "Success")
+end
+
+return clientcache

src/common/core/clientcache/confs/server-http/client-cache.conf

@@ -1,5 +1,4 @@
 {% if USE_CLIENT_CACHE == "yes" +%}
-add_header Cache-Control $cache_control;
 	{% if CLIENT_CACHE_ETAG == "yes" and SERVE_FILES == "yes" and USE_REVERSE_PROXY == "no" +%}
 etag on;
 	{% else +%}

src/common/core/headers/headers.lua

@@ -1,14 +1,14 @@
-local class  = require "middleclass"
-local plugin = require "bunkerweb.plugin"
-local utils  = require "bunkerweb.utils"
+local class   = require "middleclass"
+local plugin  = require "bunkerweb.plugin"
+local utils   = require "bunkerweb.utils"
 
-local headers   = class("headers", plugin)
+local headers = class("headers", plugin)
 
 function headers:initialize()
-	-- Call parent initialize
-	plugin.initialize(self, "headers")
-	self.all_headers = {
-		["STRICT_TRANSPORT_SECURITY"] = "Strict-Transport-Security",
+  -- Call parent initialize
+  plugin.initialize(self, "headers")
+  self.all_headers = {
+    ["STRICT_TRANSPORT_SECURITY"] = "Strict-Transport-Security",
     ["CONTENT_SECURITY_POLICY"] = "Content-Security-Policy",
     ["REFERRER_POLICY"] = "Referrer-Policy",
     ["PERMISSIONS_POLICY"] = "Permissions-Policy",
@@ -16,24 +16,25 @@ function headers:initialize()
     ["X_FRAME_OPTIONS"] = "X-Frame-Options",
     ["X_CONTENT_TYPE_OPTIONS"] = "X-Content-Type-Options",
     ["X_XSS_PROTECTION"] = "X-XSS-Protection"
-	}
+  }
 end
 
 function headers:header()
-	-- Override upstream headers if needed
-  local ssl = utils.get_variable("AUTO_LETS_ENCRYPT") == "yes" or utils.get_variable("USE_CUSTOM_SSL") == "yes" or utils.get_variable("GENERATE_SELF_SIGNED_SSL") == "yes"
-	for variable, header in pairs(self.all_headers) do
+  -- Override upstream headers if needed
+  local ssl = utils.get_variable("AUTO_LETS_ENCRYPT") == "yes" or utils.get_variable("USE_CUSTOM_SSL") == "yes" or
+      utils.get_variable("GENERATE_SELF_SIGNED_SSL") == "yes"
+  for variable, header in pairs(self.all_headers) do
     if ngx.header[header] == nil or self.variables[variable] and self.variables["KEEP_UPSTREAM_HEADERS"] ~= "*" and utils.regex_match(self.variables["KEEP_UPSTREAM_HEADERS"], "(^| )" .. header .. "($| )") == nil then
       if header ~= "Strict-Transport-Security" or ssl then
         ngx.header[header] = self.variables[variable]
       end
     end
-	end
+  end
   -- Get variables
-	local variables, err = utils.get_multiple_variables({ "CUSTOM_HEADER" })
+  local variables, err = utils.get_multiple_variables({ "CUSTOM_HEADER" })
   if variables == nil then
-		return self:ret(false, err)
-	end
+    return self:ret(false, err)
+  end
   -- Add custom headers
   for srv, vars in pairs(variables) do
     if srv == ngx.ctx.bw.server_name then
@@ -51,21 +52,21 @@ function headers:header()
   if self.variables["REMOVE_HEADERS"] ~= "" then
     local iterator, err = ngx.re.gmatch(self.variables["REMOVE_HEADERS"], "([\\w-]+)")
     if not iterator then
-        return self:ret(false, "Error while matching remove headers: " .. err)
+      return self:ret(false, "Error while matching remove headers: " .. err)
     end
     while true do
       local m, err = iterator()
       if err then
-          return self:ret(false, "Error while matching remove headers: " .. err)
+        return self:ret(false, "Error while matching remove headers: " .. err)
       end
       if not m then
-          -- No more remove headers
-          break
+        -- No more remove headers
+        break
       end
       ngx.header[m[1]] = nil
     end
   end
-	return self:ret(true, "Edited headers for request")
+  return self:ret(true, "Edited headers for request")
 end
 
 return headers

src/common/core/reverseproxy/confs/server-http/reverse-proxy.conf

@@ -17,7 +17,6 @@ proxy_cache_bypass {{ PROXY_CACHE_BYPASS }};
 			{% for element in PROXY_CACHE_VALID.split(" ") +%}
 proxy_cache_valid {{ element.split("=")[0] }} {{ element.split("=")[1] }};
 			{% endfor %}
-add_header X-Proxy-Cache $upstream_cache_status;
 		{% endif %}
 
 	{% endif %}
@@ -29,7 +28,6 @@ add_header X-Proxy-Cache $upstream_cache_status;
 			{% set host = all[k.replace("URL", "HOST")] if k.replace("URL", "HOST") in all else "" %}
 			{% set ws = all[k.replace("URL", "WS")] if k.replace("URL", "WS") in all else "" %}
 			{% set headers = all[k.replace("URL", "HEADERS")] if k.replace("URL", "HEADERS") in all else "" %}
-			{% set headers_client = all[k.replace("URL", "HEADERS_CLIENT")] if k.replace("URL", "HEADERS_CLIENT") in all else "" %}
 			{% set buffering = all[k.replace("URL", "BUFFERING")] if k.replace("URL", "BUFFERING") in all else "yes" %}
 			{% set keepalive = all[k.replace("URL", "KEEPALIVE")] if k.replace("URL", "KEEPALIVE") in all else "yes" %}
 			{% set auth_request = all[k.replace("URL", "AUTH_REQUEST")] if k.replace("URL", "AUTH_REQUEST") in all else "" %}
@@ -77,11 +75,6 @@ location {{ url }} {% raw %}{{% endraw +%}
 	proxy_set_header {{ header }};
 			{% endfor +%}
 		{% endif +%}
-		{% if headers_client != "" +%}
-			{% for header_client in headers_client.split(";") +%}
-	add_header {{ header_client }};
-			{% endfor +%}
-		{% endif +%}
 	proxy_connect_timeout {{ connect_timeout }};
 	proxy_read_timeout {{ read_timeout }};
 	proxy_send_timeout {{ send_timeout }};

src/common/core/reverseproxy/reverseproxy.lua

@@ -0,0 +1,49 @@
+local class        = require "middleclass"
+local plugin       = require "bunkerweb.plugin"
+local utils        = require "bunkerweb.utils"
+
+local reverseproxy = class("reverseproxy", plugin)
+
+function reverseproxy:initialize()
+  -- Call parent initialize
+  plugin.initialize(self, "reverseproxy")
+end
+
+function reverseproxy:header()
+  -- Set proxy cache header if needed
+  if self.variables["USE_PROXY_CACHE"] == "yes" and self.variables["PROXY_CACHE_VALID"] ~= "" then
+    ngx.header["X-Proxy-Cache"] = ngx.var.upstream_cache_status
+  end
+  -- Get variables
+  local variables, err = utils.get_multiple_variables({ "REVERSE_PROXY_HEADERS_CLIENT" })
+  if variables == nil then
+    return self:ret(false, err)
+  end
+  -- Add reverseproxy client headers
+  for srv, vars in pairs(variables) do
+    if srv == ngx.ctx.bw.server_name then
+      for var, value in pairs(vars) do
+        if utils.regex_match(var, "REVERSE_PROXY_HEADERS_CLIENT") and value then
+          local iterator, err = ngx.re.gmatch(value, "([\\w-]+) ([^;]+)")
+          if not iterator then
+            return self:ret(false, "Error while matching reverseproxy client headers: " .. err .. " - " .. value)
+          end
+          while true do
+            local m, err = iterator()
+            if err then
+              return self:ret(false, "Error while matching reverseproxy client headers: " .. err .. " - " .. value)
+            end
+            if not m then
+              -- No more matches
+              break
+            end
+            ngx.header[m[1]] = m[2]
+          end
+        end
+      end
+    end
+  end
+  return self:ret(true, "Success")
+end
+
+return reverseproxy