vhost: Support manipulating headers

2024-07-28 00:45:37 +03:00
parent 1dbb9eac4c
commit 3331a96cbc
4 changed files with 37 additions and 3 deletions
--- a/roles/vhost/defaults/main.yml
+++ b/roles/vhost/defaults/main.yml
@@ -7,12 +7,14 @@ web_server: caddy

 vhost_locations: []
 vhost_headers: {}
+vhost_delete_headers: []

 vhost_basicauth: false
 vhost_basicauth_users: {}

 proxy_target_protocol: http
 proxy_target_host: localhost
+proxy_delete_headers: []

 redirect_type: temporary
 redirect_preserve_path: false
--- a/roles/vhost/meta/argument_specs.yml
+++ b/roles/vhost/meta/argument_specs.yml
@@ -37,10 +37,16 @@ argument_specs:
          - caddy
          - none
      vhost_headers:
-        description: dict of headers and their values
+        description: Dict of response headers and their values
        type: dict
        required: false
        default: {}
+      vhost_delete_headers:
+        description: List of reponse headers to delete
+        type: list
+        elements: str
+        required: false
+        default: []

      vhost_basicauth:
        description: Whether to require basic auth for the vhost
@@ -70,6 +76,12 @@ argument_specs:
        choices:
          - http
          - https
+      proxy_delete_headers:
+        description: List of headers to delete from proxied requests
+        type: list
+        elements: str
+        required: false
+        default: []

      redirect_target:
        description: "Only applicable if vhost_type is redirect. Example: https://www.domain.tld/location"
@@ -122,10 +134,16 @@ argument_specs:
              - redirect
              - respond
          headers:
-            description: dict of headers and their values
+            description: Dict of response headers and their values
            type: dict
            required: false
            default: "{{ vhost_headers }}"
+          delete_headers:
+            description: List of response headers to delete
+            type: list
+            elements: str
+            required: false
+            default: "{{ vhost_delete_headers }}"

          basicauth:
            description: Whether to require basic auth for the location
@@ -155,6 +173,12 @@ argument_specs:
            choices:
              - http
              - https
+          proxy_delete_headers:
+            description: List of request headers to delete from proxied requests
+            type: list
+            elements: str
+            required: false
+            default: "{{ proxy_delete_headers }}"

          redirect_target:
            description: "Only applicable if vhost_type is redirect. Example: https://www.domain.tld/location"
--- a/roles/vhost/tasks/caddy.yml
+++ b/roles/vhost/tasks/caddy.yml
@@ -8,6 +8,9 @@
      {{ vhost_domains | join(' ') }} {
        {% for location in vhost_locations_all %}
        handle {{ location.path }} {
+          {% for header in location.delete_headers %}
+          header -{{ header }}
+          {% endfor %}
          {% for header in location.headers | dict2items %}
          header {{ header.key }} `{{ header.value }}`
          {% endfor %}
@@ -26,6 +29,9 @@
            }
            {% endif %}
          }
+          {% for header in location.proxy_delete_headers %}
+          request_header -{{ header }}
+          {% endfor %}
          {% elif location.type == 'redirect' %}
          redir {{ location.redirect_target }}{{ '{uri}' if location.redirect_preserve_path }} {{ location.redirect_type }}
          {% elif location.type == 'respond' %}
--- a/roles/vhost/tasks/main.yml
+++ b/roles/vhost/tasks/main.yml
@@ -8,7 +8,7 @@
    - redirect_target.split('://') | length < 2
    - not redirect_target.startswith('/')

- name: Fail if redirect_tartget ends with / and redirect_preserve_path is true
+- name: Fail if redirect_target ends with / and redirect_preserve_path is true
  ansible.builtin.fail:
    msg: redirect_target must not end with / if redirect_preserve_path is true
  when:
@@ -25,6 +25,7 @@
      'path': item.path,
      'type': item.type | default(vhost_type),
      'headers': item.headers | default(vhost_headers),
+      'delete_headers': item.delete_headers | default(vhost_delete_headers),

      'basicauth': item.basicauth | default(vhost_basicauth),
      'basicauth_users': item.basicauth_users | default(vhost_basicauth_users),
@@ -32,6 +33,7 @@
      'proxy_target_port': item.proxy_target_port | default(proxy_target_port if vhost_type == 'reverse_proxy' else ''),
      'proxy_target_host': item.proxy_target_host | default(proxy_target_host),
      'proxy_target_protocol': item.proxy_target_protocol | default(proxy_target_protocol),
+      'proxy_delete_headers': item.proxy_delete_headers | default(proxy_delete_headers),

      'redirect_target': item.redirect_target | default(redirect_target if vhost_type == 'redirect' else ''),
      'redirect_preserve_path': item.redirect_preserve_path | default(redirect_preserve_path),