majic-ansible-roles Changeset

Changeset - 8944b8348567

Parent rev.

Child rev.

[Not reviewed]

0 8 0

Branko Majic (branko) - 2 months ago 2024-03-06 23:10:22
branko@majic.rs

MAR-226: Harmonise the HTTP header override parameter between the PHP and WSGI website roles:

- Use the new naming/syntax introduced in the php_website role since
it implies less dependence on the backend application (more generic
name for it), and is a little bit saner in terms of not having to
provide quotes as part of the value.

8 files changed with 38 insertions and 18 deletions:

docs/releasenotes.rst

docs/rolereference.rst

docs/usage.rst

roles/wsgi_website/defaults/main.yml

roles/wsgi_website/molecule/default/playbook.yml

roles/wsgi_website/molecule/default/tests/test_parameters_optional.py

roles/wsgi_website/templates/nginx_site.j2

testsite/group_vars/web.yml

0 comments (0 inline, 0 general)

docs/releasenotes.rst

➞

Show inline comments

@@ @@ -77,12 +77,18 @@ Debian 12 Bookworm. Some minor improvements and fixes. @@
     defaults to Python 3 binary.
     Python (input) requirements files are now placed under the
     ``/etc/pip_check_requirements_upgrades`` path, in accordance to
     changes made in this release to the ``common`` role.
   * Dropped the ``proxy_headers`` parameter, and replaced it with the
     ``http_header_overrides`` parameter. The new parameter has similar
     function, but the values should no longer include double
     quotes. Main goal is ease of use and consistency between the PHP
     and WSGI website roles.
 **New features/improvements**
 * ``php_website`` role
   * Environment indicator can now be collapsed by clicking on the
     arrows on the left side.

docs/rolereference.rst

➞

Show inline comments

@@ @@ -1934,18 +1934,30 @@ Parameters @@
 **packages** (list, optional, ``[]``)
   A list of additional packages to install for this particular WSGI
   website. This is usually going to be development libraries for building Python
   packages.
 **proxy_headers** (dictionary, optional, ``{}``)
   Additional headers to set when proxying request to Gunicorn. Keys are header
   names, values are header values. Both should be compatible with Nginx
   ``proxy_set_header``. If you need to provide an empty value, use quotes (don't
   forget to surround them by another set of quotes for YAML syntax, for example
   ``"\"\""`` or ``'""'``).
 **http_header_overrides** (dict, optional, ``{}``)
   HTTP headers to set/override on the incoming request before passing
   it on to the WSGI application. Keys are HTTP header names, values are
   header values.
   Double quotes in the value must be escaped with a backslash. Make
   sure to take into account the YAML escaping as well. For example, to
   set the value to ``this is quote - "``, YAML should look like one of
   the following:
   - ``this is double quote - "``
   - ``'this is double quote - \"'``
   - ``"this is double quote - \\\"'``
   To clear a header value, simply set its value to an empty
   string. Nginx variables can be used as well, however keep in mind
   that the dollar sign (``$``) *cannot* be used/escaped due to Nginx
   configuration file syntax limitations.
 **rewrites** (list, optional, ``[]``)
   A list of rewrite rules that are applied to incoming requests. Each element of
   the list should be a string value compatible with the format of ``nginx``
   option ``rewrite``. The keyword ``rewrite`` itself should be omitted, as well
   as trailing semi-colon (``;``).
@@ @@ -2053,14 +2065,14 @@ running a bare Django project): @@
           value: error_page 404 /static/404.html;
       website_mail_recipients: "root john.doe@example.com"
       environment_indicator:
         background_colour: "green"
         text_colour: "black"
         text: "TEST ENVIRONMENT"
       proxy_headers:
         Accept-Encoding: '""'
       http_header_overrides:
         Accept-Encoding: ""
     # Use wsgi_requirements to deploy Gunicorn.
     - role: wsgi_website
       fqdn: wsgi.example.com
       wsgi_application: wsgi:main
       wsgi_requirements:

docs/usage.rst

➞

Show inline comments

@@ @@ -1811,14 +1811,16 @@ on the safe side: @@
   will be automatically activated for you.
 * WSGI applications are executed via *Gunicorn*. The WSGI server listens on a
   Unix socket, making the socket accessible by *Nginx*.
 * If you ever need to set some environment variables, this can easily be done
   via the ``environment_variables`` role parameter. This particular example does
   not set any, though.
 * You can also specify headers to be passed on via Nginx ``proxy_set_header``
   directive to Gunicorn running the application.
 * You can also specify headers to be modified in incoming client
   request before it gets passed on to the WSGI application using the
   ``http_header_overrides`` parameter.  directive to Gunicorn running
   the application.
 * Mails deliverd to local admin/application users are forwarded to ``root``
   account instead (this can be configured via ``website_mail_recipients`` role
   parameter.
 * If you ever find yourself mixing-up test and production websites,
   have a look at ``environment_indicator`` role parameter. It lets you
   insert small strip with environment information at bottom of each

roles/wsgi_website/defaults/main.yml

➞

Show inline comments

@@ @@ -6,13 +6,13 @@ rewrites: [] @@
 static_locations: []
 use_paste: false
 virtualenv_packages: []
 environment_variables: {}
 website_mail_recipients: "root"
 environment_indicator: null
-proxy_headers: {}
+http_header_overrides: {}
 wsgi_requirements:
   - gunicorn==21.2.0
   - packaging==23.2
 wsgi_requirements_in:
   - gunicorn

roles/wsgi_website/molecule/default/playbook.yml

➞

Show inline comments

@@ @@ -33,14 +33,14 @@ @@
         text: "parameters-optional"
       environment_variables:
         MY_ENV_VAR: "My environment variable"
       packages:
         - atftp
         - global
       proxy_headers:
         Accept-Encoding: '""'
       http_header_overrides:
         Accept-Encoding: ""
       rewrites:
         - '^/rewrite1/(.*) /rewritten1/ last'
         - '^/rewrite2/(.*) /rewritten2/$1 last'
       static_locations:
         - /static/
         - /media/

roles/wsgi_website/molecule/default/tests/test_parameters_optional.py

➞

Show inline comments

@@ @@ -19,13 +19,13 @@ def test_installed_packages(host): @@
 def test_index_page(host):
     """
     Tests if index page is served correctly. This covers:
     - Basic WSGI application operation.
     - Handling of environment variables.
-    - Handling of proxy headers.
+    - Handling of HTTP header overrides.
     """
     page = host.run('curl -H "Accept-Encoding: plain" https://parameters-optional.local/')
     assert page.rc == 0
     assert "This is the WSGI application at parameters-optional.local." in page.stdout

roles/wsgi_website/templates/nginx_site.j2

➞

Show inline comments

@@ @@ -47,14 +47,14 @@ server { @@
     location / {
         proxy_set_header X-Forwarded-Proto $scheme;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header Host $http_host;
         proxy_redirect off;
     {% for header, value in proxy_headers | dictsort -%}
     proxy_set_header {{ header }} {{ value }};
     {% for header, value in http_header_overrides | dictsort -%}
     proxy_set_header {{ header }} "{{ value }}";
     {% endfor -%}
         proxy_pass http://unix:/run/wsgi/{{ fqdn }}.sock;
+    }
     {% if environment_indicator -%}

testsite/group_vars/web.yml

➞

Show inline comments

@@ @@ -17,14 +17,14 @@ website_mail_recipients: "john.doe@example.com" @@
 environment_indicator:
   background_colour: "purple"
   text_colour: "white"
   text: "Majic Ansible Roles Test Site"
 proxy_headers:
   Accept-Encoding: '"gzip"'
 http_header_overrides:
   Accept-Encoding: "gzip"
 web_server_tls_protocols:
   - TLSv1.2
   - TLSv1.1
 web_server_tls_ciphers: "DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:\

0 comments (0 inline, 0 general)