From 20eed2084fa04dea0b13f6f9720319dce5818096 Mon Sep 17 00:00:00 2001 From: Rajesh Paul Date: Tue, 17 Aug 2021 21:41:20 +0530 Subject: [PATCH 1/5] added dependency openresty; removed dependency nginx --- omnibus/config/software/supermarket.rb | 3 ++- omnibus/cookbooks/omnibus-supermarket/templates/nginx.conf.erb | 1 + 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/omnibus/config/software/supermarket.rb b/omnibus/config/software/supermarket.rb index d8c8ffddf..28047192f 100644 --- a/omnibus/config/software/supermarket.rb +++ b/omnibus/config/software/supermarket.rb @@ -21,7 +21,8 @@ dependency "cacerts" dependency "git" -dependency "nginx" +# dependency "nginx" +dependency "openresty" dependency "postgresql" dependency "redis" dependency "ruby" diff --git a/omnibus/cookbooks/omnibus-supermarket/templates/nginx.conf.erb b/omnibus/cookbooks/omnibus-supermarket/templates/nginx.conf.erb index 72b1a9195..87e15838e 100644 --- a/omnibus/cookbooks/omnibus-supermarket/templates/nginx.conf.erb +++ b/omnibus/cookbooks/omnibus-supermarket/templates/nginx.conf.erb @@ -37,6 +37,7 @@ http { <% end %> server_tokens off; + more_clear_headers Server; add_header X-Clacks-Overhead "GNU Terry Pratchett"; sendfile <%= @nginx['sendfile'] %>; From cd2e71f3755d5c9f4e510a6adc80025d7dfc1afa Mon Sep 17 00:00:00 2001 From: Rajesh Paul Date: Wed, 18 Aug 2021 01:01:17 +0530 Subject: [PATCH 2/5] removed commented code Signed-off-by: Rajesh Paul --- omnibus/config/software/supermarket.rb | 1 - 1 file changed, 1 deletion(-) diff --git a/omnibus/config/software/supermarket.rb b/omnibus/config/software/supermarket.rb index 28047192f..4a4cb6896 100644 --- a/omnibus/config/software/supermarket.rb +++ b/omnibus/config/software/supermarket.rb @@ -21,7 +21,6 @@ dependency "cacerts" dependency "git" -# dependency "nginx" dependency "openresty" dependency "postgresql" dependency "redis" From 96285e00d4db7bd0844b63f7ce3d35949b791ba4 Mon Sep 17 00:00:00 2001 From: Rajesh Paul Date: Wed, 18 Aug 2021 17:13:25 +0530 Subject: [PATCH 3/5] changed inspec test to check for server header value should be nil instead of nginx --- .../test/integration/default/inspec/controls/install-check.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/omnibus/cookbooks/omnibus-supermarket/test/integration/default/inspec/controls/install-check.rb b/omnibus/cookbooks/omnibus-supermarket/test/integration/default/inspec/controls/install-check.rb index 2129a6207..0e257227d 100644 --- a/omnibus/cookbooks/omnibus-supermarket/test/integration/default/inspec/controls/install-check.rb +++ b/omnibus/cookbooks/omnibus-supermarket/test/integration/default/inspec/controls/install-check.rb @@ -85,7 +85,7 @@ describe "http GET to Port #{property['supermarket']['nginx']['non_ssl_port']}" do subject { http("http://localhost:#{property['supermarket']['nginx']['non_ssl_port']}") } it 'should not include server version number in response headers' do - expect(subject.headers.server).to cmp('nginx') + expect(subject.headers.server).to cmp(nil) end end @@ -97,7 +97,7 @@ describe http("https://#{property['supermarket']['fqdn']}:#{property['supermarket']['nginx']['ssl_port']}", ssl_verify: false) do it 'should not include server version number in response headers' do - expect(subject.headers.server).to cmp('nginx') + expect(subject.headers.server).to cmp(nil) end its('headers.keys') { should include('strict-transport-security') } From 26f02dad896a184ee9c950fce16092d287a14242 Mon Sep 17 00:00:00 2001 From: Rajesh Paul Date: Wed, 18 Aug 2021 18:07:27 +0530 Subject: [PATCH 4/5] checking with nil test directive change --- .../test/integration/default/inspec/controls/install-check.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/omnibus/cookbooks/omnibus-supermarket/test/integration/default/inspec/controls/install-check.rb b/omnibus/cookbooks/omnibus-supermarket/test/integration/default/inspec/controls/install-check.rb index 0e257227d..f61209934 100644 --- a/omnibus/cookbooks/omnibus-supermarket/test/integration/default/inspec/controls/install-check.rb +++ b/omnibus/cookbooks/omnibus-supermarket/test/integration/default/inspec/controls/install-check.rb @@ -85,7 +85,7 @@ describe "http GET to Port #{property['supermarket']['nginx']['non_ssl_port']}" do subject { http("http://localhost:#{property['supermarket']['nginx']['non_ssl_port']}") } it 'should not include server version number in response headers' do - expect(subject.headers.server).to cmp(nil) + expect(subject.headers.server).to.be_nil end end @@ -97,7 +97,7 @@ describe http("https://#{property['supermarket']['fqdn']}:#{property['supermarket']['nginx']['ssl_port']}", ssl_verify: false) do it 'should not include server version number in response headers' do - expect(subject.headers.server).to cmp(nil) + expect(subject.headers.server).to.be_nil end its('headers.keys') { should include('strict-transport-security') } From 33591891cd78ec4347267d5fb4c517921abac827 Mon Sep 17 00:00:00 2001 From: Rajesh Paul Date: Wed, 18 Aug 2021 18:18:51 +0530 Subject: [PATCH 5/5] typo fix Signed-off-by: Rajesh Paul --- .../test/integration/default/inspec/controls/install-check.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/omnibus/cookbooks/omnibus-supermarket/test/integration/default/inspec/controls/install-check.rb b/omnibus/cookbooks/omnibus-supermarket/test/integration/default/inspec/controls/install-check.rb index f61209934..27e71cd4e 100644 --- a/omnibus/cookbooks/omnibus-supermarket/test/integration/default/inspec/controls/install-check.rb +++ b/omnibus/cookbooks/omnibus-supermarket/test/integration/default/inspec/controls/install-check.rb @@ -85,7 +85,7 @@ describe "http GET to Port #{property['supermarket']['nginx']['non_ssl_port']}" do subject { http("http://localhost:#{property['supermarket']['nginx']['non_ssl_port']}") } it 'should not include server version number in response headers' do - expect(subject.headers.server).to.be_nil + expect(subject.headers.server).to be_nil end end @@ -97,7 +97,7 @@ describe http("https://#{property['supermarket']['fqdn']}:#{property['supermarket']['nginx']['ssl_port']}", ssl_verify: false) do it 'should not include server version number in response headers' do - expect(subject.headers.server).to.be_nil + expect(subject.headers.server).to be_nil end its('headers.keys') { should include('strict-transport-security') }