diff --git a/examples/customization/README.md b/examples/customization/README.md index 243a782ac3..425b2d1537 100644 --- a/examples/customization/README.md +++ b/examples/customization/README.md @@ -29,6 +29,7 @@ The table below summarizes some of the options. More options (extensions) are av | N/A | `set-real-ip-from` | Sets the value of the [set_real_ip_from](http://nginx.org/en/docs/http/ngx_http_realip_module.html#set_real_ip_from) directive. | N/A | | N/A | `real-ip-header` | Sets the value of the [real_ip_header](http://nginx.org/en/docs/http/ngx_http_realip_module.html#real_ip_header) directive. | `X-Real-IP`| | N/A | `real-ip-recursive` | Enables or disables the [real_ip_recursive](http://nginx.org/en/docs/http/ngx_http_realip_module.html#real_ip_recursive) directive. | `False`| +| `nginx.org/server-tokens` | `server-tokens` | Enables or disables the [server_tokens](http://nginx.org/en/docs/http/ngx_http_core_module.html#server_tokens) directive. Additionally, with the NGINX Plus controller, you can specify a custom string value. The empty string value disables the emission of the “Server” field. | `True`| ## Using ConfigMaps diff --git a/examples/customization/nginx-config.yaml b/examples/customization/nginx-config.yaml index 1a835468a2..8e4f1d948f 100644 --- a/examples/customization/nginx-config.yaml +++ b/examples/customization/nginx-config.yaml 
@@ -31,3 +31,4 @@ data: set-real-ip-from: "192.168.192.168" # No default. Sets the value of the set_real_ip_from directive. See http://nginx.org/en/docs/http/ngx_http_realip_module.html#set_real_ip_from real-ip-header: "proxy_protocol" # default is X-Real-IP. Sets the value of the real_ip_header directive. http://nginx.org/en/docs/http/ngx_http_realip_module.html#real_ip_header real-ip-recursive: "True" # default is "False". Enables or disables the real_ip_recursive directive. See http://nginx.org/en/docs/http/ngx_http_realip_module.html#real_ip_recursive + server-tokens: "False" # default is "True". Enables or disables the server_tokens directive. See http://nginx.org/en/docs/http/ngx_http_core_module.html#server_tokens diff --git a/nginx-plus-controller/controller/controller.go b/nginx-plus-controller/controller/controller.go index 2bd5772dd8..5400ac6c1b 100644 --- a/nginx-plus-controller/controller/controller.go +++ b/nginx-plus-controller/controller/controller.go @@ -361,6 +361,18 @@ func (lbc *LoadBalancerController) syncCfgm(key string) { if cfgmExists { cfgm := obj.(*api.ConfigMap) + if serverTokens, exists, err := nginx.GetMapKeyAsBool(cfgm.Data, "server-tokens", cfgm); exists { + if err != nil { + // not a boolean value. hence, a custom string + cfg.ServerTokens = cfgm.Data["server-tokens"] + } else { + cfg.ServerTokens = "off" + if serverTokens { + cfg.ServerTokens = "on" + } + } + } + if proxyConnectTimeout, exists := cfgm.Data["proxy-connect-timeout"]; exists { cfg.ProxyConnectTimeout = proxyConnectTimeout } diff --git a/nginx-plus-controller/nginx/config.go b/nginx-plus-controller/nginx/config.go index 350654ff8b..aa8874a07f 100644 --- a/nginx-plus-controller/nginx/config.go +++ b/nginx-plus-controller/nginx/config.go @@ -2,6 +2,7 @@ package nginx // Config holds NGINX configuration parameters type Config struct { + ServerTokens string ProxyConnectTimeout string ProxyReadTimeout string ClientMaxBodySize string 
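Review bot: In syncCfgm's error branch the raw `server-tokens` string is stored without validation, and the ingress.tmpl hunk later writes it into `server_tokens "{{$server.ServerTokens}}";`. If the template does no escaping (its engine is not visible here), a value containing `"` or a trailing `\` can end or swallow the quoted argument, which at best breaks the reload and at worst lets the value add directives to the generated config. The createConfig hunk in configurator.go has the same gap and is more exposed, because there the value comes from the `nginx.org/server-tokens` annotation and so from anyone allowed to create an Ingress. I would accept a custom string only when it is safe to quote, keep the default otherwise, and put the check in one helper in the nginx package that both call sites use. Both functions continue outside their hunks.

```go
// ValidServerTokens reports whether a custom server_tokens value can be placed
// inside the double-quoted argument in ingress.tmpl without ending the quote.
func ValidServerTokens(v string) bool {
	return !strings.ContainsAny(v, "\"\\\r\n")
}

// in syncCfgm (createConfig gets the same change, called as ValidServerTokens):
		if err != nil {
			// not a boolean value: use it as a custom string only when it is safe to quote
			if v := cfgm.Data["server-tokens"]; nginx.ValidServerTokens(v) {
				cfg.ServerTokens = v
			}
			// … otherwise keep the default and report the rejected value …
		} else {
			// … unchanged: boolean on/off mapping …
```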
@@ -35,6 +36,7 @@ type Config struct { // NewDefaultConfig creates a Config with default values func NewDefaultConfig() *Config { return &Config{ + ServerTokens: "on", ProxyConnectTimeout: "60s", ProxyReadTimeout: "60s", ClientMaxBodySize: "1m", diff --git a/nginx-plus-controller/nginx/configurator.go b/nginx-plus-controller/nginx/configurator.go index d48141e444..0a5360548d 100644 --- a/nginx-plus-controller/nginx/configurator.go +++ b/nginx-plus-controller/nginx/configurator.go @@ -118,6 +118,7 @@ func (cnf *Configurator) generateNginxCfg(ingEx *IngressEx, pems map[string]stri server := Server{ Name: serverName, + ServerTokens: ingCfg.ServerTokens, HTTP2: ingCfg.HTTP2, ProxyProtocol: ingCfg.ProxyProtocol, HSTS: ingCfg.HSTS, @@ -173,6 +174,7 @@ func (cnf *Configurator) generateNginxCfg(ingEx *IngressEx, pems map[string]stri server := Server{ Name: serverName, + ServerTokens: ingCfg.ServerTokens, HTTP2: ingCfg.HTTP2, ProxyProtocol: ingCfg.ProxyProtocol, HSTS: ingCfg.HSTS, @@ -208,6 +210,17 @@ func (cnf *Configurator) generateNginxCfg(ingEx *IngressEx, pems map[string]stri func (cnf *Configurator) createConfig(ingEx *IngressEx) Config { ingCfg := *cnf.config + if serverTokens, exists, err := GetMapKeyAsBool(ingEx.Ingress.Annotations, "nginx.org/server-tokens", ingEx.Ingress); exists { + if err != nil { + // not a boolean value. hence, a custom string + ingCfg.ServerTokens = ingEx.Ingress.Annotations["nginx.org/server-tokens"] + } else { + ingCfg.ServerTokens = "off" + if serverTokens { + ingCfg.ServerTokens = "on" + } + } + } if proxyConnectTimeout, exists := ingEx.Ingress.Annotations["nginx.org/proxy-connect-timeout"]; exists { ingCfg.ProxyConnectTimeout = proxyConnectTimeout } diff --git a/nginx-plus-controller/nginx/ingress.tmpl b/nginx-plus-controller/nginx/ingress.tmpl index 79093e2ae8..615daed1d7 100644 --- a/nginx-plus-controller/nginx/ingress.tmpl +++ b/nginx-plus-controller/nginx/ingress.tmpl 
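Review bot: The new default `ServerTokens: "on",` in NewDefaultConfig has no comment, although this value decides whether responses and error pages advertise the NGINX version. I would document it on that line, for example `// "on" matches the NGINX default and exposes the version in the Server header and error pages; set server-tokens to "False" to hide it`. The struct literal continues outside the hunk.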
@@ -20,6 +20,8 @@ server { {{if $server.RealIPHeader}}real_ip_header {{$server.RealIPHeader}};{{end}} {{if $server.RealIPRecursive}}real_ip_recursive on;{{end}} + server_tokens "{{$server.ServerTokens}}"; + {{if $server.Name}} server_name {{$server.Name}}; {{end}} diff --git a/nginx-plus-controller/nginx/nginx.go b/nginx-plus-controller/nginx/nginx.go index a07782a127..577fab2e4a 100644 --- a/nginx-plus-controller/nginx/nginx.go +++ b/nginx-plus-controller/nginx/nginx.go @@ -42,6 +42,7 @@ type UpstreamServer struct { // Server describes an NGINX server type Server struct { Name string + ServerTokens string Locations []Location SSL bool SSLCertificate string