From d9f8733c39bf7deb74754341cbbfacc111f2ca1d Mon Sep 17 00:00:00 2001
From: uumas <gitcommit@uumas.fi>
Date: Sat, 5 Apr 2025 03:58:48 +0300
Subject: [PATCH] Add support for not passing host header to proxy upstream

---
 roles/vhost/defaults/main.yaml           |  1 +
 roles/vhost/meta/argument_specs.yaml     | 10 ++++++++++
 roles/vhost/templates/Caddyfile_block.j2 |  3 +++
 roles/vhost/vars/main.yaml               |  1 +
 4 files changed, 15 insertions(+)

diff --git a/roles/vhost/defaults/main.yaml b/roles/vhost/defaults/main.yaml
index 86f62e2..dc97331 100644
--- a/roles/vhost/defaults/main.yaml
+++ b/roles/vhost/defaults/main.yaml
@@ -15,6 +15,7 @@ vhost_proxy_target_netproto: tcp
 vhost_proxy_target_protocol: http
 vhost_proxy_target_host: localhost
 vhost_proxy_delete_headers: []
+vhost_proxy_pass_host_header: true
 
 vhost_redirect_type: temporary
 vhost_redirect_preserve_path: false
diff --git a/roles/vhost/meta/argument_specs.yaml b/roles/vhost/meta/argument_specs.yaml
index c0713ab..a690ad0 100644
--- a/roles/vhost/meta/argument_specs.yaml
+++ b/roles/vhost/meta/argument_specs.yaml
@@ -109,6 +109,11 @@ argument_specs:
         elements: str
         required: false
         default: []
+      vhost_proxy_pass_host_header:
+        description: Whether to pass the host header unchanged (true) or change it to the proxy target host (false)
+        trpe: bool
+        required: false
+        default: true
 
       vhost_redirect_target:
         description: "Only applicable if vhost_type is redirect. Example: https://www.domain.tld/location"
@@ -230,6 +235,11 @@ argument_specs:
             elements: str
             required: false
             default: "{{ vhost_proxy_delete_headers }}"
+          proxy_pass_host_header:
+            description: Whether to pass the host header unchanged (true) or change it to the proxy target host (false)
+            trpe: bool
+            required: false
+            default: "{{ vhost_proxy_pass_host_header }}"
 
           redirect_target:
             description: "Only applicable if vhost_type is redirect. Example: https://www.domain.tld/location"
diff --git a/roles/vhost/templates/Caddyfile_block.j2 b/roles/vhost/templates/Caddyfile_block.j2
index e87baca..377092a 100644
--- a/roles/vhost/templates/Caddyfile_block.j2
+++ b/roles/vhost/templates/Caddyfile_block.j2
@@ -33,6 +33,9 @@
           {% for header in location.proxy_delete_headers %}
             header_up -{{ header }}
           {% endfor %}
+          {% if not location.proxy_pass_host_header %}
+            header_up Host {upstream_hostport}
+          {% endif %}
         }
       {% elif location.type == 'redirect' %}
         redir * {{ location.redirect_target }}{{ '{path}' if location.redirect_preserve_path }}{{ '?{query}' if location.redirect_preserve_query }} {{ location.redirect_type }}
diff --git a/roles/vhost/vars/main.yaml b/roles/vhost/vars/main.yaml
index 795fc53..494af0d 100644
--- a/roles/vhost/vars/main.yaml
+++ b/roles/vhost/vars/main.yaml
@@ -15,6 +15,7 @@ _vhost_location_defaults:
   proxy_target_socket: "{{ vhost_proxy_target_socket if
     vhost_type == 'reverse_proxy' and vhost_proxy_target_netproto == 'unix' else '' }}"
   proxy_delete_headers: "{{ vhost_proxy_delete_headers }}"
+  proxy_pass_host_header: "{{ vhost_proxy_pass_host_header }}"
 
   redirect_target: "{{ vhost_redirect_target if vhost_type == 'redirect' else '' }}"
   redirect_preserve_path: "{{ vhost_redirect_preserve_path }}"