From d5bfa1f67af998e9db1b19dc4aca4fd0cbad9040 Mon Sep 17 00:00:00 2001
From: Dawa Ometto <d.l.a.ometto1@uu.nl>
Date: Mon, 6 Jan 2025 13:15:45 +0100
Subject: [PATCH] role nginx_reverse_proxy: support add_headers

---
 docs/roles/nginx_reverse_proxy.md                           | 3 +++
 molecule/playbook-reverse_proxy/molecule.yml                | 2 +-
 molecule/playbook-reverse_proxy/verify.yml                  | 4 ++++
 .../nginx_reverse_proxy/templates/reverseproxy.conf.j2      | 6 ++++++
 4 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/docs/roles/nginx_reverse_proxy.md b/docs/roles/nginx_reverse_proxy.md
index 23a5bc09..b5066dfc 100644
--- a/docs/roles/nginx_reverse_proxy.md
+++ b/docs/roles/nginx_reverse_proxy.md
@@ -32,6 +32,9 @@ Debian/Ubuntu operating system.
 - name: root # required
   location: / # required
   proxy_pass: http://localhost:8000/ #  the webapp running on localhost -- not required! you can instead use e.g. 'alias' as well.
+  add_headers: # headers that nginx will add to the response
+    foo: bar
+    bar: foo
   # auth: # setting the auth attribute is not required
   # The options below are example of common nginx options
   # Any "key: value" pair you add will be translated to "key value;" in the nginx config
diff --git a/molecule/playbook-reverse_proxy/molecule.yml b/molecule/playbook-reverse_proxy/molecule.yml
index 1bf299c9..4bd4e4b2 100644
--- a/molecule/playbook-reverse_proxy/molecule.yml
+++ b/molecule/playbook-reverse_proxy/molecule.yml
@@ -22,7 +22,7 @@ provisioner:
       - name: reverse_proxy
         path: reverse_proxy.yml
         parameters:
-          reverse_proxy_locations: '- {name: mock_endpoint, location: /auth_endpoint, proxy_pass: "http://localhost:8000/" }\n- {name: test_noauth, location: /, proxy_pass: "http://localhost:8000" }\n- {name: test_basicauth, location: = /test_basicauth, auth: basic, htpasswd: myauth, proxy_pass: "http://localhost:8000/" }\n- {name: test_basicauth2, location: = /test_basicauth2, auth: basic, htpasswd: myauth2, proxy_pass: "http://localhost:8000/" }\n- {name: test_sramauth, location: /test_sramauth, auth: sram, proxy_pass: "http://localhost/"}\n- {name: test_authoff, location: /test_basicauth/api, auth: noauth, alias: /etc/nginx, proxy_set_header: { X-Real-IP: ""} }'
+          reverse_proxy_locations: '- {name: mock_endpoint, location: /auth_endpoint, proxy_pass: "http://localhost:8000/" }\n- {name: test_noauth, location: /, proxy_pass: "http://localhost:8000", add_headers: {myheader: foo } }\n- {name: test_basicauth, location: = /test_basicauth, auth: basic, htpasswd: myauth, proxy_pass: "http://localhost:8000/" }\n- {name: test_basicauth2, location: = /test_basicauth2, auth: basic, htpasswd: myauth2, proxy_pass: "http://localhost:8000/" }\n- {name: test_sramauth, location: /test_sramauth, auth: sram, proxy_pass: "http://localhost/"}\n- {name: test_authoff, location: /test_basicauth/api, auth: noauth, alias: /etc/nginx, proxy_set_header: { X-Real-IP: ""} }'
           reverse_proxy_auth_info: '- {name: myauth, username: test, password: letmein}\n'
           basic_auth_default_username: 'test2'
           basic_auth_default_password: 'letmeintoo'
diff --git a/molecule/playbook-reverse_proxy/verify.yml b/molecule/playbook-reverse_proxy/verify.yml
index e496da89..c813297a 100644
--- a/molecule/playbook-reverse_proxy/verify.yml
+++ b/molecule/playbook-reverse_proxy/verify.yml
@@ -18,6 +18,9 @@
         return_content: true
       register: root_location
 
+    - name: Check for custom header header in / location
+      ansible.builtin.shell: "curl -v http://localhost/bin/ | grep -q 'myheader: foo'"
+
     - name: Test /test_basicauth2 location
       ansible.builtin.uri:
         url: http://localhost/test_basicauth2
@@ -65,5 +68,6 @@
           - basicauth_location.status == 200
           - "'bin' in basicauth_location.content"
           - root_location.status == 200
+          - root_location.
           - "'whoami' in root_location.content"
           - "' application/x-xpinstall' in api_location.content"
diff --git a/playbooks/roles/nginx_reverse_proxy/templates/reverseproxy.conf.j2 b/playbooks/roles/nginx_reverse_proxy/templates/reverseproxy.conf.j2
index f43af368..445bf1f3 100644
--- a/playbooks/roles/nginx_reverse_proxy/templates/reverseproxy.conf.j2
+++ b/playbooks/roles/nginx_reverse_proxy/templates/reverseproxy.conf.j2
@@ -45,6 +45,12 @@ location {{ vhost_properties.location }} {
     {% endif %}
     {% endif %}
 
+    {% if vhost_properties.add_headers is defined %}
+    {% for header, value in vhost_properties.add_headers.items() -%}
+    add_header {{ header }} {{ value }};
+    {%- endfor %}
+    {% endif %}
+
     {% if vhost_properties.proxy_pass is defined %}
     proxy_pass {{ vhost_properties.proxy_pass }};
     {% for header, value in proxy_headers.items() -%}