Merge pull request #112 from nginxinc/server-tokens

Disable emitting nginx version for Plus controller

Author: pleshakov

examples/customization/README.md

@@ -29,6 +29,7 @@ The table below summarizes some of the options. More options (extensions) are av
 | N/A | `set-real-ip-from` | Sets the value of the [set_real_ip_from](http://nginx.org/en/docs/http/ngx_http_realip_module.html#set_real_ip_from) directive. | N/A |
 | N/A | `real-ip-header` | Sets the value of the [real_ip_header](http://nginx.org/en/docs/http/ngx_http_realip_module.html#real_ip_header) directive. | `X-Real-IP`|
 | N/A | `real-ip-recursive` | Enables or disables the [real_ip_recursive](http://nginx.org/en/docs/http/ngx_http_realip_module.html#real_ip_recursive) directive. | `False`|
+| `nginx.org/server-tokens` | `server-tokens` | Enables or disables the [server_tokens](http://nginx.org/en/docs/http/ngx_http_core_module.html#server_tokens) directive. Additionally, with the NGINX Plus controller, you can specify a custom string value. The empty string value disables the emission of the “Server” field. | `True`|
 
 ## Using ConfigMaps
 

examples/customization/nginx-config.yaml

@@ -31,3 +31,4 @@ data:
   set-real-ip-from: "192.168.192.168" # No default. Sets the value of the set_real_ip_from directive. See http://nginx.org/en/docs/http/ngx_http_realip_module.html#set_real_ip_from
   real-ip-header: "proxy_protocol" # default is X-Real-IP. Sets the value of the real_ip_header directive. http://nginx.org/en/docs/http/ngx_http_realip_module.html#real_ip_header
   real-ip-recursive: "True" # default is "False". Enables or disables the real_ip_recursive directive. See http://nginx.org/en/docs/http/ngx_http_realip_module.html#real_ip_recursive
+  server-tokens: "False" # default is "True". Enables or disables the server_tokens directive. See http://nginx.org/en/docs/http/ngx_http_core_module.html#server_tokens

nginx-plus-controller/controller/controller.go

@@ -361,6 +361,18 @@ func (lbc *LoadBalancerController) syncCfgm(key string) {
 	if cfgmExists {
 		cfgm := obj.(*api.ConfigMap)
 
+		if serverTokens, exists, err := nginx.GetMapKeyAsBool(cfgm.Data, "server-tokens", cfgm); exists {
+			if err != nil {
+				// not a boolean value. hence, a custom string
+				cfg.ServerTokens = cfgm.Data["server-tokens"]
+			} else {
+				cfg.ServerTokens = "off"
+				if serverTokens {
+					cfg.ServerTokens = "on"
+				}
+			}
+		}
+
 		if proxyConnectTimeout, exists := cfgm.Data["proxy-connect-timeout"]; exists {
 			cfg.ProxyConnectTimeout = proxyConnectTimeout
 		}

nginx-plus-controller/nginx/config.go

@@ -2,6 +2,7 @@ package nginx
 
 // Config holds NGINX configuration parameters
 type Config struct {
+	ServerTokens                  string
 	ProxyConnectTimeout           string
 	ProxyReadTimeout              string
 	ClientMaxBodySize             string
@@ -35,6 +36,7 @@ type Config struct {
 // NewDefaultConfig creates a Config with default values
 func NewDefaultConfig() *Config {
 	return &Config{
+		ServerTokens:               "on",
 		ProxyConnectTimeout:        "60s",
 		ProxyReadTimeout:           "60s",
 		ClientMaxBodySize:          "1m",

nginx-plus-controller/nginx/configurator.go

@@ -118,6 +118,7 @@ func (cnf *Configurator) generateNginxCfg(ingEx *IngressEx, pems map[string]stri
 
 		server := Server{
 			Name:                  serverName,
+			ServerTokens:          ingCfg.ServerTokens,
 			HTTP2:                 ingCfg.HTTP2,
 			ProxyProtocol:         ingCfg.ProxyProtocol,
 			HSTS:                  ingCfg.HSTS,
@@ -173,6 +174,7 @@ func (cnf *Configurator) generateNginxCfg(ingEx *IngressEx, pems map[string]stri
 
 		server := Server{
 			Name:                  serverName,
+			ServerTokens:          ingCfg.ServerTokens,
 			HTTP2:                 ingCfg.HTTP2,
 			ProxyProtocol:         ingCfg.ProxyProtocol,
 			HSTS:                  ingCfg.HSTS,
@@ -208,6 +210,17 @@ func (cnf *Configurator) generateNginxCfg(ingEx *IngressEx, pems map[string]stri
 
 func (cnf *Configurator) createConfig(ingEx *IngressEx) Config {
 	ingCfg := *cnf.config
+	if serverTokens, exists, err := GetMapKeyAsBool(ingEx.Ingress.Annotations, "nginx.org/server-tokens", ingEx.Ingress); exists {
+		if err != nil {
+			// not a boolean value. hence, a custom string
+			ingCfg.ServerTokens = ingEx.Ingress.Annotations["nginx.org/server-tokens"]
+		} else {
+			ingCfg.ServerTokens = "off"
+			if serverTokens {
+				ingCfg.ServerTokens = "on"
+			}
+		}
+	}
 	if proxyConnectTimeout, exists := ingEx.Ingress.Annotations["nginx.org/proxy-connect-timeout"]; exists {
 		ingCfg.ProxyConnectTimeout = proxyConnectTimeout
 	}

nginx-plus-controller/nginx/ingress.tmpl

@@ -20,6 +20,8 @@ server {
 	{{if $server.RealIPHeader}}real_ip_header {{$server.RealIPHeader}};{{end}}
 	{{if $server.RealIPRecursive}}real_ip_recursive on;{{end}}
 
+	server_tokens "{{$server.ServerTokens}}";
+
 	{{if $server.Name}}
 	server_name {{$server.Name}};
 	{{end}}

nginx-plus-controller/nginx/nginx.go

@@ -42,6 +42,7 @@ type UpstreamServer struct {
 // Server describes an NGINX server
 type Server struct {
 	Name                  string
+	ServerTokens          string
 	Locations             []Location
 	SSL                   bool
 	SSLCertificate        string