Merge pull request #94 from aledbf/server-tokens

Add support to disable server_tokens directive
kubernetes · Jan 12, 2017 · 54d9762 · 54d9762
2 parents 717594a + af9375a
commit 54d9762
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 8 deletions.
diff --git a/controllers/nginx/pkg/config/config.go b/controllers/nginx/pkg/config/config.go
@@ -156,6 +156,11 @@ type Configuration struct {
 	// http://nginx.org/en/docs/http/ngx_http_core_module.html#server_names_hash_bucket_size
 	ServerNameHashBucketSize int `json:"server-name-hash-bucket-size,omitempty"`
 
+	// Enables or disables emitting nginx version in error messages and in the “Server” response header field.
+	// http://nginx.org/en/docs/http/ngx_http_core_module.html#server_tokens
+	// Default: true
+	ShowServerTokens bool `json:"server-tokens"`
+
 	// Enabled ciphers list to enabled. The ciphers are specified in the format understood by
 	// the OpenSSL library
 	// http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_ciphers
@@ -234,6 +239,7 @@ func NewDefault() Configuration {
 		ProxyRealIPCIDR:          defIPCIDR,
 		ServerNameHashMaxSize:    512,
 		ServerNameHashBucketSize: 64,
+		ShowServerTokens:         true,
 		SSLBufferSize:            sslBufferSize,
 		SSLCiphers:               sslCiphers,
 		SSLProtocols:             sslProtocols,
@@ -266,13 +272,13 @@ func NewDefault() Configuration {
 }
 
 type TemplateConfig struct {
-	BacklogSize        int
-	Backends           []*ingress.Backend
+	BacklogSize         int
+	Backends            []*ingress.Backend
 	PassthroughBackends []*ingress.SSLPassthroughBackend
-	Servers            []*ingress.Server
-	TCPBackends        []*ingress.Location
-	UDPBackends        []*ingress.Location
-	HealthzURI         string
-	CustomErrors       bool
-	Cfg                Configuration
+	Servers             []*ingress.Server
+	TCPBackends         []*ingress.Location
+	UDPBackends         []*ingress.Location
+	HealthzURI          string
+	CustomErrors        bool
+	Cfg                 Configuration
 }
diff --git a/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl b/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl
@@ -68,6 +68,8 @@ http {
     gzip_proxied any;
     {{ end }}
 
+    server_tokens {{ if $cfg.ShowServerTokens }}on{{ else }}off{{ end }};
+
     client_max_body_size "{{ $cfg.BodySize }}";
 
     log_format upstreaminfo '{{ if $cfg.UseProxyProtocol }}$proxy_protocol_addr{{ else }}$remote_addr{{ end }} - '