Update mainstream

Author: helalferrari

README.md

@@ -74,6 +74,10 @@ The following variables are available to configure the role:
   servers, defaults to ```["unix:/var/run/php-fpm-bkp.sock"]```.
 - **nginx_drupal_language_path_prefixes**: (optional) The list of enabled
   language path prefixes used on the site.
+- **nginx_drupal_x_frame_options**: (optional) Value of the X-Frame-Options
+  response header, defaults to `DENY`. If the site uses frames, set to
+  `SAMEORIGIN`. `DENY` may conflicts with pseudo streaming (at least with Nginx
+  version 1.0.12)
 - **nginx_drupal_sites**: The list of available sites.
     Each site uses the following structure:
     - **file_name**: The name of the site configuration file.
@@ -94,10 +98,11 @@ The following variables are available to configure the role:
     - **limit_conn**: (optional) The limit_conn for the site (defaults to
       ```arbeit 32```).
     - **enabled**: Whether or not the site should be enabled (defaults to true).
-    * **rewrites**: A list of rewrites directives, using the following structure:
+    - **rewrites**: (optional) A list of rewrites directives, using the following structure:
         - **regex**: The regular expression used to match the URI.
         - **replacement**: The replacement pattern used for the rewrite.
-        - **flags**: (optiona) The flag parameter for the rewrite.
+        - **flags**: (optional) The flag parameter for the rewrite.
+    - **includes**: (optional) A list of additional Nginx configuration files to incldue for the site.
 
 
 Examples

defaults/main.yml

@@ -30,4 +30,4 @@ nginx_drupal_sites: none
 nginx_drupal_http_pre_includes: []
 nginx_drupal_http_post_includes: []
 nginx_drupal_language_path_prefixes: []
-nginx_drupal_xframe_options: "SAMEORIGIN"
+nginx_drupal_x_frame_options: DENY

templates/apps/drupal/drupal.j2

@@ -396,4 +396,9 @@ location @empty {
 ## Any other attempt to access PHP files returns a 404.
 location ~* ^.+\.php$ {
     return 404;
-}
+}
+
+## Add support for custom monitoring script.
+location = /monitor/index.php {
+  fastcgi_pass   phpcgi;
+}

templates/nginx.j2

@@ -160,16 +160,13 @@ http {
     ## https://www.owasp.org/index.php/List_of_useful_HTTP_headers.
     add_header X-XSS-Protection '1; mode=block';
 
+    {% if nginx_drupal_x_frame_options %}
     ## Enable clickjacking protection in modern browsers. Available in
     ## IE8 also. See
     ## https://developer.mozilla.org/en/The_X-FRAME-OPTIONS_response_header
     ## This may conflicts with pseudo streaming (at least with Nginx version 1.0.12).
-    ## Uncomment the line below if you're not using media streaming.
-    ## For sites being framing on the same domqin uncomment the line below.
-    #add_header X-Frame-Options SAMEORIGIN;
-    ## For sites accepting to be framed in any context comment the
-    ## line below.
-    add_header X-Frame-Options {{nginx_drupal_xframe_options}};
+    add_header X-Frame-Options {{ nginx_drupal_x_frame_options }};
+    {% endif %}
 
     ## Block MIME type sniffing on IE.
     add_header X-Content-Options nosniff;

templates/sites-available/drupal-site.j2

@@ -60,13 +60,20 @@ server {
     proxy_http_version 1.1; # keep alive to the Apache upstream
     {% endif %}
 
-    {% if item.rewrites is defined -%}
-    {% for rewrite in item.rewrites -%}
+    {% if item.rewrites is defined %}
     ## URL rewriting
+    {% for rewrite in item.rewrites %}
     rewrite {{rewrite.regex}} {{rewrite.replacement}} {{rewrite.flags|default('')}};
-    {%- endfor %}
+    {% endfor %}
     {%- endif %}
 
+    {% if item.includes is defined %}
+    ## Custom include(s)
+    {% for include in item.includes %}
+    include {{ include }};
+    {% endfor %}
+    {% endif %}
+
 
     {% if not nginx_drupal_use_boost -%}
     {% if not nginx_drupal_escape_uri -%}
@@ -238,6 +245,20 @@ server {
         return 405;
     }
 
+    {% if item.rewrites is defined %}
+    ## URL rewriting
+    {% for rewrite in item.rewrites %}
+    rewrite {{rewrite.regex}} {{rewrite.replacement}} {{rewrite.flags|default('')}};
+    {% endfor %}
+    {%- endif %}
+
+    {% if item.includes is defined %}
+    ## Custom include(s)
+    {% for include in item.includes %}
+    include {{ include }};
+    {% endfor %}
+    {% endif %}
+
     {% if not nginx_drupal_use_boost -%}
     {% if not nginx_drupal_escape_uri -%}
     ################################################################