role nginx_reverse_proxy: support add_headers

UtrechtUniversity · Jan 6, 2025 · 7717694 · 7717694
1 parent 0ee57e5
commit 7717694
Show file tree

Hide file tree

Showing 4 changed files with 15 additions and 1 deletion.
diff --git a/docs/roles/nginx_reverse_proxy.md b/docs/roles/nginx_reverse_proxy.md
@@ -32,6 +32,9 @@ Debian/Ubuntu operating system.
 - name: root # required
   location: / # required
   proxy_pass: http://localhost:8000/ #  the webapp running on localhost -- not required! you can instead use e.g. 'alias' as well.
+  add_headers: # headers that nginx will add to the response
+    foo: bar
+    bar: foo
   # auth: # setting the auth attribute is not required
   # The options below are example of common nginx options
   # Any "key: value" pair you add will be translated to "key value;" in the nginx config

diff --git a/molecule/playbook-reverse_proxy/molecule.yml b/molecule/playbook-reverse_proxy/molecule.yml
@@ -22,7 +22,7 @@ provisioner:
       - name: reverse_proxy
         path: reverse_proxy.yml
         parameters:
-          reverse_proxy_locations: '- {name: mock_endpoint, location: /auth_endpoint, proxy_pass: "http://localhost:8000/" }\n- {name: test_noauth, location: /, proxy_pass: "http://localhost:8000" }\n- {name: test_basicauth, location: = /test_basicauth, auth: basic, htpasswd: myauth, proxy_pass: "http://localhost:8000/" }\n- {name: test_basicauth2, location: = /test_basicauth2, auth: basic, htpasswd: myauth2, proxy_pass: "http://localhost:8000/" }\n- {name: test_sramauth, location: /test_sramauth, auth: sram, proxy_pass: "http://localhost/"}\n- {name: test_authoff, location: /test_basicauth/api, auth: noauth, alias: /etc/nginx, proxy_set_header: { X-Real-IP: ""} }'
+          reverse_proxy_locations: '- {name: mock_endpoint, location: /auth_endpoint, proxy_pass: "http://localhost:8000/" }\n- {name: test_noauth, location: /, proxy_pass: "http://localhost:8000", add_headers: {myheader: foo } }\n- {name: test_basicauth, location: = /test_basicauth, auth: basic, htpasswd: myauth, proxy_pass: "http://localhost:8000/" }\n- {name: test_basicauth2, location: = /test_basicauth2, auth: basic, htpasswd: myauth2, proxy_pass: "http://localhost:8000/" }\n- {name: test_sramauth, location: /test_sramauth, auth: sram, proxy_pass: "http://localhost/"}\n- {name: test_authoff, location: /test_basicauth/api, auth: noauth, alias: /etc/nginx, proxy_set_header: { X-Real-IP: ""} }'
           reverse_proxy_auth_info: '- {name: myauth, username: test, password: letmein}\n'
           basic_auth_default_username: 'test2'
           basic_auth_default_password: 'letmeintoo'
diff --git a/molecule/playbook-reverse_proxy/verify.yml b/molecule/playbook-reverse_proxy/verify.yml
@@ -18,6 +18,10 @@
         return_content: true
       register: root_location
 
+    - name: Check for custom header header in / location
+      ansible.builtin.command: curl -v http://localhost/bin/
+      register: check_headers
+
     - name: Test /test_basicauth2 location
       ansible.builtin.uri:
         url: http://localhost/test_basicauth2
@@ -65,5 +69,6 @@
           - basicauth_location.status == 200
           - "'bin' in basicauth_location.content"
           - root_location.status == 200
+          - "'myheader: foo' in check_headers.stderr"
           - "'whoami' in root_location.content"
           - "' application/x-xpinstall' in api_location.content"
diff --git a/playbooks/roles/nginx_reverse_proxy/templates/reverseproxy.conf.j2 b/playbooks/roles/nginx_reverse_proxy/templates/reverseproxy.conf.j2
@@ -45,6 +45,12 @@ location {{ vhost_properties.location }} {
     {% endif %}
     {% endif %}
 
+    {% if vhost_properties.add_headers is defined %}
+    {% for header, value in vhost_properties.add_headers.items() -%}
+    add_header {{ header }} {{ value }};
+    {%- endfor %}
+    {% endif %}
+
     {% if vhost_properties.proxy_pass is defined %}
     proxy_pass {{ vhost_properties.proxy_pass }};
     {% for header, value in proxy_headers.items() -%}