uumas/ansible-general
1
0
Fork 0
Code Issues 5 Pull Requests Projects Releases Wiki Activity

vhost: Support manipulating headers

Browse Source
This commit is contained in:
uumas
2024-07-28 00:45:37 +03:00
parent 1dbb9eac4c
commit 3331a96cbc
4 changed files with 37 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
roles/vhost/defaults/main.yml
View File

@@ -7,12 +7,14 @@ web_server: caddy
vhost_locations: [] vhost_locations: []
vhost_headers: {} vhost_headers: {}
vhost_delete_headers: []
vhost_basicauth: false vhost_basicauth: false
vhost_basicauth_users: {} vhost_basicauth_users: {}
proxy_target_protocol: http proxy_target_protocol: http
proxy_target_host: localhost proxy_target_host: localhost
proxy_delete_headers: []
redirect_type: temporary redirect_type: temporary
redirect_preserve_path: false redirect_preserve_path: false

28
roles/vhost/meta/argument_specs.yml
View File

@@ -37,10 +37,16 @@ argument_specs:
- caddy - caddy
- none - none
vhost_headers: vhost_headers:
description: dict of headers and their values description: Dict of response headers and their values
type: dict type: dict
required: false required: false
default: {} default: {}
vhost_delete_headers:
description: List of reponse headers to delete
type: list
elements: str
required: false
default: []
vhost_basicauth: vhost_basicauth:
description: Whether to require basic auth for the vhost description: Whether to require basic auth for the vhost
@@ -70,6 +76,12 @@ argument_specs:
choices: choices:
- http - http
- https - https
proxy_delete_headers:
description: List of headers to delete from proxied requests
type: list
elements: str
required: false
default: []
redirect_target: redirect_target:
description: "Only applicable if vhost_type is redirect. Example: https://www.domain.tld/location" description: "Only applicable if vhost_type is redirect. Example: https://www.domain.tld/location"
@@ -122,10 +134,16 @@ argument_specs:
- redirect - redirect
- respond - respond
headers: headers:
description: dict of headers and their values description: Dict of response headers and their values
type: dict type: dict
required: false required: false
default: "{{ vhost_headers }}" default: "{{ vhost_headers }}"
delete_headers:
description: List of response headers to delete
type: list
elements: str
required: false
default: "{{ vhost_delete_headers }}"
basicauth: basicauth:
description: Whether to require basic auth for the location description: Whether to require basic auth for the location
@@ -155,6 +173,12 @@ argument_specs:
choices: choices:
- http - http
- https - https
proxy_delete_headers:
description: List of request headers to delete from proxied requests
type: list
elements: str
required: false
default: "{{ proxy_delete_headers }}"
redirect_target: redirect_target:
description: "Only applicable if vhost_type is redirect. Example: https://www.domain.tld/location" description: "Only applicable if vhost_type is redirect. Example: https://www.domain.tld/location"

6
roles/vhost/tasks/caddy.yml
View File

@@ -8,6 +8,9 @@
{{ vhost_domains | join(' ') }} { {{ vhost_domains | join(' ') }} {
{% for location in vhost_locations_all %} {% for location in vhost_locations_all %}
handle {{ location.path }} { handle {{ location.path }} {
{% for header in location.delete_headers %}
header -{{ header }}
{% endfor %}
{% for header in location.headers | dict2items %} {% for header in location.headers | dict2items %}
header {{ header.key }} `{{ header.value }}` header {{ header.key }} `{{ header.value }}`
{% endfor %} {% endfor %}
@@ -26,6 +29,9 @@
} }
{% endif %} {% endif %}
} }
{% for header in location.proxy_delete_headers %}
request_header -{{ header }}
{% endfor %}
{% elif location.type == 'redirect' %} {% elif location.type == 'redirect' %}
redir {{ location.redirect_target }}{{ '{uri}' if location.redirect_preserve_path }} {{ location.redirect_type }} redir {{ location.redirect_target }}{{ '{uri}' if location.redirect_preserve_path }} {{ location.redirect_type }}
{% elif location.type == 'respond' %} {% elif location.type == 'respond' %}

4
roles/vhost/tasks/main.yml
View File

@@ -8,7 +8,7 @@
- redirect_target.split('://') | length < 2 - redirect_target.split('://') | length < 2
- not redirect_target.startswith('/') - not redirect_target.startswith('/')
- name: Fail if redirect_tartget ends with / and redirect_preserve_path is true - name: Fail if redirect_target ends with / and redirect_preserve_path is true
ansible.builtin.fail: ansible.builtin.fail:
msg: redirect_target must not end with / if redirect_preserve_path is true msg: redirect_target must not end with / if redirect_preserve_path is true
when: when:
@@ -25,6 +25,7 @@
'path': item.path, 'path': item.path,
'type': item.type | default(vhost_type), 'type': item.type | default(vhost_type),
'headers': item.headers | default(vhost_headers), 'headers': item.headers | default(vhost_headers),
'delete_headers': item.delete_headers | default(vhost_delete_headers),
'basicauth': item.basicauth | default(vhost_basicauth), 'basicauth': item.basicauth | default(vhost_basicauth),
'basicauth_users': item.basicauth_users | default(vhost_basicauth_users), 'basicauth_users': item.basicauth_users | default(vhost_basicauth_users),
@@ -32,6 +33,7 @@
'proxy_target_port': item.proxy_target_port | default(proxy_target_port if vhost_type == 'reverse_proxy' else ''), 'proxy_target_port': item.proxy_target_port | default(proxy_target_port if vhost_type == 'reverse_proxy' else ''),
'proxy_target_host': item.proxy_target_host | default(proxy_target_host), 'proxy_target_host': item.proxy_target_host | default(proxy_target_host),
'proxy_target_protocol': item.proxy_target_protocol | default(proxy_target_protocol), 'proxy_target_protocol': item.proxy_target_protocol | default(proxy_target_protocol),
'proxy_delete_headers': item.proxy_delete_headers | default(proxy_delete_headers),
'redirect_target': item.redirect_target | default(redirect_target if vhost_type == 'redirect' else ''), 'redirect_target': item.redirect_target | default(redirect_target if vhost_type == 'redirect' else ''),
'redirect_preserve_path': item.redirect_preserve_path | default(redirect_preserve_path), 'redirect_preserve_path': item.redirect_preserve_path | default(redirect_preserve_path),