From d59b305f1ee02df8eb8cd066d33986e2ddc54bb0 Mon Sep 17 00:00:00 2001 From: florian Date: Mon, 31 Jul 2023 23:19:19 +0200 Subject: [PATCH] fix concepts image in doc, revert clientcache update and refactor headers --- CHANGELOG.md | 1 + docs/concepts.md | 2 +- src/common/core/antibot/antibot.lua | 2 +- .../{clientcache.lua => clientcache.lua.bak} | 0 .../confs/server-http/client-cache.conf | 1 + src/common/core/customcert/plugin.json | 4 +- src/common/core/headers/headers.lua | 94 ++++++++++++------- 7 files changed, 65 insertions(+), 39 deletions(-) rename src/common/core/clientcache/{clientcache.lua => clientcache.lua.bak} (100%) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5df35ecfb..050f8f300 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -14,6 +14,7 @@ - [BUGFIX] Fix UI not working in Ubuntu (python zope module) - [BUGFIX] Patch ModSecurity to run it after LUA code (should fix whitelist problems) - [BUGFIX] Custom configurations from env were not being deleted properly +- [BUGFIX] Fix concepts image not displayed in the documentation - [PERFORMANCE] Reduce CPU and RAM usage of scheduler - [PERFORMANCE] Cache ngx.ctx instead of loading it each time - [PERFORMANCE] Use per-worker LRU cache for common RO LUA values diff --git a/docs/concepts.md b/docs/concepts.md index 67b8363a4..439ff769a 100644 --- a/docs/concepts.md +++ b/docs/concepts.md @@ -1,7 +1,7 @@ # Concepts
- ![Overwiew](assets/img/concepts.svg){ align=center }
+ ![Overwiew](assets/img/concepts.svg){ align=center, width="600" }
## Integrations diff --git a/src/common/core/antibot/antibot.lua b/src/common/core/antibot/antibot.lua index 7f3d2c5b2..528620e18 100644 --- a/src/common/core/antibot/antibot.lua +++ b/src/common/core/antibot/antibot.lua @@ -48,7 +48,7 @@ function antibot:header() end local header = "Content-Security-Policy" - if utils.get_variable("CONTENT_SECURITY_POLICY_REPORT_ONLY", true) == "yes" then + if self.variables["CONTENT_SECURITY_POLICY_REPORT_ONLY"] == "yes" then header = header .. "-Report-Only" end diff --git a/src/common/core/clientcache/clientcache.lua b/src/common/core/clientcache/clientcache.lua.bak similarity index 100% rename from src/common/core/clientcache/clientcache.lua rename to src/common/core/clientcache/clientcache.lua.bak diff --git a/src/common/core/clientcache/confs/server-http/client-cache.conf b/src/common/core/clientcache/confs/server-http/client-cache.conf index e4f2ebc4c..0f13a7e3e 100644 --- a/src/common/core/clientcache/confs/server-http/client-cache.conf +++ b/src/common/core/clientcache/confs/server-http/client-cache.conf @@ -1,4 +1,5 @@ {% if USE_CLIENT_CACHE == "yes" +%} +add_header Cache-Control $cache_control; {% if CLIENT_CACHE_ETAG == "yes" and SERVE_FILES == "yes" and USE_REVERSE_PROXY == "no" +%} etag on; {% else +%} diff --git a/src/common/core/customcert/plugin.json b/src/common/core/customcert/plugin.json index a2f03a53b..1816a5f85 100644 --- a/src/common/core/customcert/plugin.json +++ b/src/common/core/customcert/plugin.json @@ -17,7 +17,7 @@ "CUSTOM_SSL_CERT": { "context": "multisite", "default": "", - "help": "Full path of the certificate or bundle file.", + "help": "Full path of the certificate or bundle file (must be readable by the scheduler).", "id": "custom-https-cert", "label": "Certificate path", "regex": "^(/[\\w. -]+)*/?$", 
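Review bot: The new lookup `self.variables["CONTENT_SECURITY_POLICY_REPORT_ONLY"]` in antibot:header() only works if the antibot plugin's `self.variables` table actually carries that key, and this hunk does not show that it does. headers.lua reads the same key from its own `self.variables`, which suggests the setting belongs to the headers plugin. If the key is absent here, the comparison is against nil, `-Report-Only` is never appended, and the challenge page always gets the enforcing header whatever the configuration says. Confirm the setting is loaded for this plugin, or keep the `utils.get_variable(...)` call with a comment such as `-- setting declared by the headers plugin, not present in self.variables`. antibot:header() starts and ends outside the hunk.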
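Review bot: The added `add_header Cache-Control $cache_control;` sits at server level, and nginx passes `add_header` directives down to a `location` only when that location declares none of its own. Any generated location that carries an `add_header` will therefore silently drop this header. Where `$cache_control` is defined is not visible in this hunk, and clientcache.lua is renamed to `.bak` in the same commit. Confirm the variable is still defined, because an unknown variable makes the configuration fail to load. A comment above the directive would record the dependency, e.g. `# $cache_control is set by <where it is defined>; an empty value sends no header`.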
@@ -26,7 +26,7 @@
 "CUSTOM_SSL_KEY": {
 "context": "multisite",
 "default": "",
- "help": "Full path of the key file.",
+ "help": "Full path of the key file (must be readable by the scheduler).",
 "id": "custom-https-key",
 "label": "Key path",
 "regex": "^(/[\\w. -]+)*/?$",
diff --git a/src/common/core/headers/headers.lua b/src/common/core/headers/headers.lua
index 8406fb553..2574e9e29 100644
--- a/src/common/core/headers/headers.lua
+++ b/src/common/core/headers/headers.lua
@@ -17,15 +17,65 @@ function headers:initialize() ["X_CONTENT_TYPE_OPTIONS"] = "X-Content-Type-Options", ["X_XSS_PROTECTION"] = "X-XSS-Protection" } + -- Load data from datastore if needed + if ngx.get_phase() ~= "init" then + -- Get custom headers from datastore + local custom_headers, err = self.datastore:get("plugin_headers_custom_headers", true) + if not custom_headers then + self.logger:log(ngx.ERR, err) + return + end + self.custom_headers = {} + -- Extract global headers + if custom_headers.global then + for k, v in pairs(custom_headers.global) do + self.custom_headers[k] = v + end + end + -- Extract and overwrite if needed server headers + if custom_headers[self.ctx.bw.server_name] then + for k, v in pairs(custom_headers[self.ctx.bw.server_name]) do + self.custom_headers[k] = v + end + end + end +end + +function headers:init() + -- Get variables + local variables, err = utils.get_multiple_variables({ "CUSTOM_HEADER" }) + if variables == nil then + return self:ret(false, err) + end + -- Store custom headers name and value + local data = {} + local i = 0 + for srv, vars in pairs(variables) do + for var, value in pairs(vars) do + if data[srv] == nil then + data[srv] = {} + end + local m = utils.regex_match(value, "([\\w-]+): ([^,]+)") + if m then + data[srv][m[1]] = m[2] + end + i = i + 1 + end + end + local ok, err = self.datastore:set("plugin_headers_custom_headers", data, nil, true) + if not ok then + return self:ret(false, err) + end + return self:ret(true, "successfully loaded " .. tostring(i) .. 
" custom headers") end function headers:header() -- Override upstream headers if needed - local ssl = utils.get_variable("AUTO_LETS_ENCRYPT", true) == "yes" or - utils.get_variable("USE_CUSTOM_SSL", true) == "yes" or - utils.get_variable("GENERATE_SELF_SIGNED_SSL", true) == "yes" + local ssl = self.variables["AUTO_LETS_ENCRYPT"] == "yes" or + self.variables["USE_CUSTOM_SSL"] == "yes" or + self.variables["GENERATE_SELF_SIGNED_SSL"] == "yes" for variable, header in pairs(self.all_headers) do - if ngx.header[header] == nil or self.variables[variable] and self.variables["KEEP_UPSTREAM_HEADERS"] ~= "*" and utils.regex_match(self.variables["KEEP_UPSTREAM_HEADERS"], "(^| )" .. header .. "($| )") == nil then + if ngx.header[header] == nil or (self.variables[variable] ~= "" and self.variables["KEEP_UPSTREAM_HEADERS"] ~= "*" and utils.regex_match(self.variables["KEEP_UPSTREAM_HEADERS"], "(^| )" .. header .. "($| )") == nil) then if (header ~= "Strict-Transport-Security" or ssl) then if header == "Content-Security-Policy" and self.variables["CONTENT_SECURITY_POLICY_REPORT_ONLY"] == "yes" then ngx.header["Content-Security-Policy-Report-Only"] = self.variables[variable] 
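Review bot: In headers:initialize(), the early `return` after a failed `self.datastore:get("plugin_headers_custom_headers", true)` leaves `self.custom_headers` unset. The next hunk (`@@ -35,43 +85,17 @@`) then iterates it with `pairs(self.custom_headers)`, which raises on nil. That error would abort headers:header() after the security-header loop but before the `REMOVE_HEADERS` step, so headers meant to be stripped could reach the client whenever the datastore read fails. How the caller treats the raised error is not visible here. Move `self.custom_headers = {}` above the `self.datastore:get(...)` call so the field is always a table; headers:header() continues outside this hunk.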
@@ -35,43 +85,17 @@ function headers:header() end end end - -- Get variables - local variables, err = utils.get_multiple_variables({ "CUSTOM_HEADER" }) - if variables == nil then - return self:ret(false, err) - end -- Add custom headers - for srv, vars in pairs(variables) do - if srv == self.ctx.bw.server_name or srv == "global" then - for var, value in pairs(vars) do - if utils.regex_match(var, "CUSTOM_HEADER") and value then - local m = utils.regex_match(value, "([\\w-]+): ([^,]+)") - if m then - ngx.header[m[1]] = m[2] - end - end - end - end + for header, value in pairs(self.custom_headers) do + ngx.header[header] = value end -- Remove headers if self.variables["REMOVE_HEADERS"] ~= "" then - local iterator, err = ngx.re.gmatch(self.variables["REMOVE_HEADERS"], "([\\w-]+)") - if not iterator then - return self:ret(false, "Error while matching remove headers: " .. err) - end - while true do - local m, err = iterator() - if err then - return self:ret(false, "Error while matching remove headers: " .. err) - end - if not m then - -- No more remove headers - break - end - ngx.header[m[1]] = nil + for header in self.variables["REMOVE_HEADERS"]:gmatch("%S+") do + ngx.header[header] = nil end end - return self:ret(true, "Edited headers for request") + return self:ret(true, "edited headers for request") end return headers
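Review bot: The `REMOVE_HEADERS` loop now splits on whitespace only with `gmatch("%S+")`, while the removed `ngx.re.gmatch(..., "([\\w-]+)")` picked out header names whatever the separator. With a constructed example value such as `Server, X-Powered-By`, the first token becomes `Server,` and `ngx.header["Server,"] = nil` removes nothing, with no log line to show it. Whether the setting's validation already enforces space-separated names is not visible in this diff. To keep the earlier tolerance with plain Lua patterns, use `for header in self.variables["REMOVE_HEADERS"]:gmatch("[%w_-]+") do`. If the stricter format is intended, say so with `-- REMOVE_HEADERS holds space-separated header names`.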