From 9d0f75dd2aeaa927e971515c6a480fc9cbb479e9 Mon Sep 17 00:00:00 2001
From: Nico Schieder
Date: Thu, 1 Dec 2016 16:53:19 +0100
Subject: [PATCH] Add proxy_hide_header and proxy_pass_header directives (#88)
* Add proxy_hide_header and proxy_pass_header directives
---
 nginx-controller/controller/controller.go | 14 ++++++++++++++
 nginx-controller/nginx/config.go | 2 ++
 nginx-controller/nginx/configurator.go | 18 ++++++++++++++++++
 nginx-controller/nginx/ingress.tmpl | 5 ++++-
 nginx-controller/nginx/nginx.go | 2 ++
 5 files changed, 40 insertions(+), 1 deletion(-)
diff --git a/nginx-controller/controller/controller.go b/nginx-controller/controller/controller.go
index 5405e15e4d..8bb493ac39 100644
--- a/nginx-controller/controller/controller.go
+++ b/nginx-controller/controller/controller.go
@@ -315,6 +315,20 @@ func (lbc *LoadBalancerController) syncCfgm(key string) {
 if proxyReadTimeout, exists := cfgm.Data["proxy-read-timeout"]; exists {
 cfg.ProxyReadTimeout = proxyReadTimeout
 }
+ if proxyHideHeaders, exists, err := nginx.GetMapKeyAsStringSlice(cfgm.Data, "proxy-hide-headers", cfgm); exists {
+ if err != nil {
+ glog.Error(err)
+ } else {
+ cfg.ProxyHideHeaders = proxyHideHeaders
+ }
+ }
+ if proxyPassHeaders, exists, err := nginx.GetMapKeyAsStringSlice(cfgm.Data, "proxy-pass-headers", cfgm); exists {
+ if err != nil {
+ glog.Error(err)
+ } else {
+ cfg.ProxyPassHeaders = proxyPassHeaders
+ }
+ }
 if clientMaxBodySize, exists := cfgm.Data["client-max-body-size"]; exists {
 cfg.ClientMaxBodySize = clientMaxBodySize
 }
diff --git a/nginx-controller/nginx/config.go b/nginx-controller/nginx/config.go
index 25e2c31adf..ddb54744c1 100644
--- a/nginx-controller/nginx/config.go
+++ b/nginx-controller/nginx/config.go
@@ -14,6 +14,8 @@ type Config struct {
 ProxyBufferSize string
 ProxyMaxTempFileSize string
 ProxyProtocol bool
+ ProxyHideHeaders []string
+ ProxyPassHeaders []string
 HSTS bool
 HSTSMaxAge int64
 HSTSIncludeSubdomains bool
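Review bot: The header names read from the `proxy-hide-headers` and `proxy-pass-headers` ConfigMap keys in syncCfgm (controller.go) are assigned to `cfg` with no check on their content, and ingress.tmpl later writes each entry verbatim into a `proxy_hide_header` / `proxy_pass_header` directive. Unless GetMapKeyAsStringSlice, which is not part of this patch, already filters entries, a value containing `;`, whitespace or braces would change the structure of the generated nginx configuration instead of naming a header. The same applies, with less trusted input, to the `nginx.org/proxy-hide-headers` and `nginx.org/proxy-pass-headers` annotations read in createConfig in configurator.go. Each entry should be matched against a strict header-name pattern and the whole list rejected with a logged error when one entry fails; syncCfgm's body continues outside the hunk.

```go
// In package nginx. headerNameRE is deliberately narrower than the RFC 7230
// token grammar so that nothing nginx treats as syntax can reach the template.
var headerNameRE = regexp.MustCompile(`^[A-Za-z0-9][A-Za-z0-9_-]*$`)

// FirstInvalidHeaderName returns the first entry that is not a plain header
// name, or "" when every entry is acceptable.
func FirstInvalidHeaderName(names []string) string {
	for _, n := range names {
		if !headerNameRE.MatchString(n) {
			return n
		}
	}
	return ""
}

// In syncCfgm:
// … unchanged: proxy-read-timeout handling …
if proxyHideHeaders, exists, err := nginx.GetMapKeyAsStringSlice(cfgm.Data, "proxy-hide-headers", cfgm); exists {
	if err != nil {
		glog.Error(err)
	} else if bad := nginx.FirstInvalidHeaderName(proxyHideHeaders); bad != "" {
		glog.Errorf("proxy-hide-headers: ignoring list, %q is not a valid header name", bad)
	} else {
		cfg.ProxyHideHeaders = proxyHideHeaders
	}
}
// … same check for proxy-pass-headers, and for both annotations in createConfig …
```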
diff --git a/nginx-controller/nginx/configurator.go b/nginx-controller/nginx/configurator.go
index e88dd15080..dbca50eca1 100644
--- a/nginx-controller/nginx/configurator.go
+++ b/nginx-controller/nginx/configurator.go
@@ -112,6 +112,8 @@ func (cnf *Configurator) generateNginxCfg(ingEx *IngressEx, pems map[string]stri
 RealIPHeader: ingCfg.RealIPHeader,
 SetRealIPFrom: ingCfg.SetRealIPFrom,
 RealIPRecursive: ingCfg.RealIPRecursive,
+ ProxyHideHeaders: ingCfg.ProxyHideHeaders,
+ ProxyPassHeaders: ingCfg.ProxyPassHeaders,
 }
 if pemFile, ok := pems[serverName]; ok {
@@ -160,6 +162,8 @@ func (cnf *Configurator) generateNginxCfg(ingEx *IngressEx, pems map[string]stri
 RealIPHeader: ingCfg.RealIPHeader,
 SetRealIPFrom: ingCfg.SetRealIPFrom,
 RealIPRecursive: ingCfg.RealIPRecursive,
+ ProxyHideHeaders: ingCfg.ProxyHideHeaders,
+ ProxyPassHeaders: ingCfg.ProxyPassHeaders,
 }
 if pemFile, ok := pems[emptyHost]; ok {
@@ -190,6 +194,20 @@ func (cnf *Configurator) createConfig(ingEx *IngressEx) Config {
 if proxyReadTimeout, exists := ingEx.Ingress.Annotations["nginx.org/proxy-read-timeout"]; exists {
 ingCfg.ProxyReadTimeout = proxyReadTimeout
 }
+ if proxyHideHeaders, exists, err := GetMapKeyAsStringSlice(ingEx.Ingress.Annotations, "nginx.org/proxy-hide-headers", ingEx.Ingress); exists {
+ if err != nil {
+ glog.Error(err)
+ } else {
+ ingCfg.ProxyHideHeaders = proxyHideHeaders
+ }
+ }
+ if proxyPassHeaders, exists, err := GetMapKeyAsStringSlice(ingEx.Ingress.Annotations, "nginx.org/proxy-pass-headers", ingEx.Ingress); exists {
+ if err != nil {
+ glog.Error(err)
+ } else {
+ ingCfg.ProxyPassHeaders = proxyPassHeaders
+ }
+ }
 if clientMaxBodySize, exists := ingEx.Ingress.Annotations["nginx.org/client-max-body-size"]; exists {
 ingCfg.ClientMaxBodySize = clientMaxBodySize
 }
diff --git a/nginx-controller/nginx/ingress.tmpl b/nginx-controller/nginx/ingress.tmpl
index d32ac2f1fd..347c46a93c 100644
--- a/nginx-controller/nginx/ingress.tmpl
+++ b/nginx-controller/nginx/ingress.tmpl
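Review bot: In createConfig (configurator.go) the `nginx.org/proxy-hide-headers` annotation replaces `ingCfg.ProxyHideHeaders` rather than adding to it. If `ingCfg` starts from the ConfigMap-level settings (the start of the function is outside the hunk), any Ingress that sets the annotation drops, for its servers, the headers an operator chose to hide globally. If the ConfigMap list is meant as a baseline, the two lists should be merged into a fresh slice; if replacement is intended, say so next to the assignment, e.g. `// Overrides the ConfigMap-level proxy-hide-headers list for this Ingress; entries are not merged.` Also, on a parse error the previous value is kept and only `glog.Error(err)` records it, so a malformed annotation means nothing extra is hidden; a comment stating that fallback would help.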
@@ -20,7 +20,10 @@ server {
 {{if $server.Name}}
 server_name {{$server.Name}};
 {{end}}
-
+ {{range $proxyHideHeader := $server.ProxyHideHeaders}}
+ proxy_hide_header {{$proxyHideHeader}};{{end}}
+ {{range $proxyPassHeader := $server.ProxyPassHeaders}}
+ proxy_pass_header {{$proxyPassHeader}};{{end}}
 {{if $server.SSL}}
 if ($scheme = http) {
 return 301 https://$host$request_uri;
diff --git a/nginx-controller/nginx/nginx.go b/nginx-controller/nginx/nginx.go
index 909e0a1dc6..6c264706b0 100644
--- a/nginx-controller/nginx/nginx.go
+++ b/nginx-controller/nginx/nginx.go
@@ -48,6 +48,8 @@ type Server struct {
 HSTS bool
 HSTSMaxAge int64
 HSTSIncludeSubdomains bool
+ ProxyHideHeaders []string
+ ProxyPassHeaders []string
 // http://nginx.org/en/docs/http/ngx_http_realip_module.html
 RealIPHeader string