vhost: Support manipulating headers

Support deleting vhosts
2024-07-28 00:45:37 +03:00 · 2024-07-28 00:45:20 +03:00
4 changed files with 55 additions and 8 deletions
--- a/roles/vhost/defaults/main.yml
+++ b/roles/vhost/defaults/main.yml
@@ -1,15 +1,20 @@
 ---

+vhost_state: present
+vhost_type: "{{ vhost_state }}"
+vhost_domains: []
 web_server: caddy

 vhost_locations: []
 vhost_headers: {}
+vhost_delete_headers: []

 vhost_basicauth: false
 vhost_basicauth_users: {}

 proxy_target_protocol: http
 proxy_target_host: localhost
+proxy_delete_headers: []

 redirect_type: temporary
 redirect_preserve_path: false
--- a/roles/vhost/meta/argument_specs.yml
+++ b/roles/vhost/meta/argument_specs.yml
@@ -8,16 +8,25 @@ argument_specs:
        description: A unique identifier for this vhost. Not visible to end users.
        type: str
        required: true
+      vhost_state:
+        description: Whether the vhost should exist or not
+        type: str
+        required: false
+        default: present
+        choices:
+          - present
+          - absent
      vhost_type:
        type: str
-        required: true
+        required: "{{ vhost_state == 'present' }}"
        choices:
          - reverse_proxy
          - redirect
          - respond
+          - absent
      vhost_domains:
        type: list
-        required: true
+        required: "{{ vhost_state == 'present' }}"
        elements: str
      web_server:
        description: Defines which server software to use for vhost. This role does nothing if set to none
@@ -28,10 +37,16 @@ argument_specs:
          - caddy
          - none
      vhost_headers:
-        description: dict of headers and their values
+        description: Dict of response headers and their values
        type: dict
        required: false
        default: {}
+      vhost_delete_headers:
+        description: List of reponse headers to delete
+        type: list
+        elements: str
+        required: false
+        default: []

      vhost_basicauth:
        description: Whether to require basic auth for the vhost
@@ -47,7 +62,7 @@ argument_specs:
      proxy_target_port:
        description: Port where to proxy requests to. Only applicable if vhost_type is reverse_proxy
        type: int
-        required: "{{ vhost_type == 'reverse_proxy' }}"
+        required: "{{ vhost_state == 'present' and vhost_type == 'reverse_proxy' }}"
      proxy_target_host:
        description: Host where to proxy requests to. Only applicable if vhost_type is reverse_proxy
        type: str
@@ -61,11 +76,17 @@ argument_specs:
        choices:
          - http
          - https
+      proxy_delete_headers:
+        description: List of headers to delete from proxied requests
+        type: list
+        elements: str
+        required: false
+        default: []

      redirect_target:
        description: "Only applicable if vhost_type is redirect. Example: https://www.domain.tld/location"
        type: str
-        required: "{{ vhost_type == 'redirect' }}"
+        required: "{{ vhost_state == 'present' and vhost_type == 'redirect' }}"
      redirect_preserve_path:
        description: Whether to keep the original request path
        type: bool
@@ -83,7 +104,7 @@ argument_specs:
      respond_content:
        description: Content to respond with. Json content can be set as yaml as long as respond_content_type is set to json
        type: str
-        required: "{{ vhost_type == 'respond' }}"
+        required: "{{ vhost_state == 'present' and vhost_type == 'respond' }}"
      respond_content_type:
        description: Type of the respond content
        type: str
@@ -113,10 +134,16 @@ argument_specs:
              - redirect
              - respond
          headers:
-            description: dict of headers and their values
+            description: Dict of response headers and their values
            type: dict
            required: false
            default: "{{ vhost_headers }}"
+          delete_headers:
+            description: List of response headers to delete
+            type: list
+            elements: str
+            required: false
+            default: "{{ vhost_delete_headers }}"

          basicauth:
            description: Whether to require basic auth for the location
@@ -146,6 +173,12 @@ argument_specs:
            choices:
              - http
              - https
+          proxy_delete_headers:
+            description: List of request headers to delete from proxied requests
+            type: list
+            elements: str
+            required: false
+            default: "{{ proxy_delete_headers }}"

          redirect_target:
            description: "Only applicable if vhost_type is redirect. Example: https://www.domain.tld/location"
--- a/roles/vhost/tasks/caddy.yml
+++ b/roles/vhost/tasks/caddy.yml
@@ -8,6 +8,9 @@
      {{ vhost_domains | join(' ') }} {
        {% for location in vhost_locations_all %}
        handle {{ location.path }} {
+          {% for header in location.delete_headers %}
+          header -{{ header }}
+          {% endfor %}
          {% for header in location.headers | dict2items %}
          header {{ header.key }} `{{ header.value }}`
          {% endfor %}
@@ -26,6 +29,9 @@
            }
            {% endif %}
          }
+          {% for header in location.proxy_delete_headers %}
+          request_header -{{ header }}
+          {% endfor %}
          {% elif location.type == 'redirect' %}
          redir {{ location.redirect_target }}{{ '{uri}' if location.redirect_preserve_path }} {{ location.redirect_type }}
          {% elif location.type == 'respond' %}
@@ -40,4 +46,5 @@
      }
    validate: 'caddy validate --config %s --adapter caddyfile'
    backup: true
+    state: "{{ vhost_state }}"
  notify: Reload caddy
--- a/roles/vhost/tasks/main.yml
+++ b/roles/vhost/tasks/main.yml
@@ -8,7 +8,7 @@
    - redirect_target.split('://') | length < 2
    - not redirect_target.startswith('/')

- name: Fail if redirect_tartget ends with / and redirect_preserve_path is true
+- name: Fail if redirect_target ends with / and redirect_preserve_path is true
  ansible.builtin.fail:
    msg: redirect_target must not end with / if redirect_preserve_path is true
  when:
@@ -25,6 +25,7 @@
      'path': item.path,
      'type': item.type | default(vhost_type),
      'headers': item.headers | default(vhost_headers),
+      'delete_headers': item.delete_headers | default(vhost_delete_headers),

      'basicauth': item.basicauth | default(vhost_basicauth),
      'basicauth_users': item.basicauth_users | default(vhost_basicauth_users),
@@ -32,6 +33,7 @@
      'proxy_target_port': item.proxy_target_port | default(proxy_target_port if vhost_type == 'reverse_proxy' else ''),
      'proxy_target_host': item.proxy_target_host | default(proxy_target_host),
      'proxy_target_protocol': item.proxy_target_protocol | default(proxy_target_protocol),
+      'proxy_delete_headers': item.proxy_delete_headers | default(proxy_delete_headers),

      'redirect_target': item.redirect_target | default(redirect_target if vhost_type == 'redirect' else ''),
      'redirect_preserve_path': item.redirect_preserve_path | default(redirect_preserve_path),
Author	SHA1	Message	Date
uumas	3331a96cbc	vhost: Support manipulating headers	2024-07-28 00:45:37 +03:00
uumas	1dbb9eac4c	Support deleting vhosts	2024-07-28 00:45:20 +03:00