From a99cef9b7a53f846a19b7cd70f5abcfe84272188 Mon Sep 17 00:00:00 2001
From: Alec Muffett
Date: Sat, 5 Mar 2022 18:31:41 +0000
Subject: [PATCH] commit: first cut
---
 lib.d/do-configure.pl | 4 +++-
 lib.d/lint.pl | 4 +++-
 templates.d/nginx.conf.txt | 11 ++++++++++-
 3 files changed, 16 insertions(+), 3 deletions(-)
diff --git a/lib.d/do-configure.pl b/lib.d/do-configure.pl
index 1af4a8e..a30f547 100755
--- a/lib.d/do-configure.pl
+++ b/lib.d/do-configure.pl
@@ -1,7 +1,7 @@
 #!/bin/sh
 exec perl -wx $0 "$@";
 #!perl
-# eotk (c) 2017-2021 Alec Muffett
+# eotk (c) 2017-2022 Alec Muffett
 use Data::Dumper;
@@ -586,6 +586,7 @@ sub DoProject {
 &SetEnv("suppress_header_hsts", 1); # 1 = elide completely
 &SetEnv("suppress_methods_except_get", 0); # 1 = GET/HEAD Only
 &SetEnv("suppress_tor2web", 1); # 1 = block access by tor2web sites
+ &SetEnv("template_tool", "$here/lib.d/expand-template.pl");
 &SetEnv("tor_single_onion", 1);
 &SetEnv("tor_syslog", "notice"); # https://www.torproject.org/docs/tor-manual.html.en
@@ -630,6 +631,7 @@ my @set_blank = qw(
 host_blacklist_re
 host_whitelist
 host_whitelist_re
+ inject_headers_upstream
 inject_origin
 inject_referer
 kludge_disable_sri
diff --git a/lib.d/lint.pl b/lib.d/lint.pl
index d61db0f..f79d4ae 100755
--- a/lib.d/lint.pl
+++ b/lib.d/lint.pl
@@ -1,7 +1,7 @@
 #!/bin/sh
 exec perl -x $0 "$@";
 #!perl
-# eotk (c) 2017-2021 Alec Muffett
+# eotk (c) 2017-2022 Alec Muffett
 my %known =
 (
@@ -52,6 +52,7 @@ my %known =
 'HOST_BLACKLIST_RE' => 1,
 'HOST_WHITELIST' => 1,
 'HOST_WHITELIST_RE' => 1,
+ 'INJECT_HEADERS_UPSTREAM' => 1,
 'INJECT_ORIGIN' => 1,
 'INJECT_REFERER' => 1,
 'IS_SOFTMAP' => 1,
@@ -97,6 +98,7 @@ my %known =
 'ONION_ADDRESS_RE6' => 1,
 'ONION_ADDRESS_RE8' => 1,
 'ONION_DIRNAME' => 1,
+ 'ONION_TRUNCATED' => 1,
 'ONION_VERSION' => 1,
 'ORIGIN_BLACKLIST' => 1,
 'ORIGIN_BLACKLIST_RE' => 1,
diff --git a/templates.d/nginx.conf.txt b/templates.d/nginx.conf.txt
index a23253f..d5db481 100644
--- a/templates.d/nginx.conf.txt
+++ b/templates.d/nginx.conf.txt
@@ -1,6 +1,6 @@
 # -*- awk -*-
 # EMACS awk mode works quite well for nginx configs
-# eotk (c) 2017-2021 Alec Muffett
+# eotk (c) 2017-2022 Alec Muffett
 # TODO LIST:
@@ -787,6 +787,15 @@ http {
 # https://blog.g3rt.nl/nginx-add_header-pitfall.html
 # request_rewrites and injections:
+ %%IF %INJECT_HEADERS_UPSTREAM%
+ # inject_headers_upstream
+ %%CSV %INJECT_HEADERS_UPSTREAM%
+ proxy_set_header %1% "%2%";
+ %%ENDCSV
+ %%ELSE
+ # no inject_headers_upstream
+ %%ENDIF
+
 proxy_set_header X-From-Onion %X_FROM_ONION_VALUE%;
 proxy_set_header Host "${servernamesubdomain}%DNS_DOMAIN%";
 proxy_set_header Accept-Encoding "identity";
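Review bot: The `proxy_set_header %1% "%2%";` line in the new `%%IF %INJECT_HEADERS_UPSTREAM%` block of the `@@ -787,6 +787,15 @@` hunk writes both CSV fields into the nginx config verbatim, and nothing visible in this patch validates them (do-configure.pl only defaults the setting to blank, lint.pl only registers the name). A value containing `"`, `;` or a newline would end the directive early, and a `$` is read by nginx as a variable reference, so a typo in the project config becomes a broken or silently different server block. I would check each pair at configure time, for example the name against `/\A[A-Za-z0-9-]+\z/` and the value against a pattern that rejects quotes, semicolons, braces and control characters, and state the constraint in a template comment such as `# inject_headers_upstream: name,value pairs; value is emitted inside double quotes, unescaped`. The block also sits above the fixed `X-From-Onion`, `Host` and `Accept-Encoding` lines, so an injected header with one of those names yields two directives for the same field; rejecting those names would avoid depending on how nginx resolves the duplicate. The enclosing `http {` block starts and ends outside the hunk.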