My issue:
How can I configure the server section from nginx fabric?
I want disable the server_token and add additional customizations
Solutions I’ve tried:
I’ve tried to use SnippetsFilter but it’s for http route
Version of NIC and/or NGINX:
latest
Deployment environment:
azure aks
Hi Stefano.
Thank you for your query. You are correct, currently SnippetsFilter is only associated with HTTPRoute. We were exploring the possibility of allowing snippets at the Gateway level, but due to their sensitivity (e.g., a snippet with mistakes could easily cause failures), we chose to stick with individual HTTPRoutes for now. We do, have an open issue here to support snippets at the Gateway level here. Snippets are generally considered for advanced NGINX users who understand the directives they need to use and how to configure them precisely. In this case, it’s clear that this is a good example of such usage, as you just need server_tokens off;. 
Ideally, this functionality could be implemented as a directive natively supported in one of our CRDs within NGINX Gateway Fabric, particularly the ClientSettingsPolicy. This would be the best approach on our side while snippets could act as a workaround when we add them to Gateway. I will speak to the team to see if we could add this directive at some point or if there are any potential workarounds in the meantime.
You can set server_tokens off at the location level too (e.g. as a snippet in HTTPRoute), I know you said server block, but just in case that helps..
Thanks for the response.
ClientSettingsPolicy is another good point to “inject” configuration. Maybe it can be a map of string and loaded from nginx as conf.d (like now).
Your suggestion to use snippet for server_tokens are good, but I need to customize errors to return our json formats.
No problem, this feedback is important. It sounds like supporting SnippetsFilter at the Gateway level can help with the more custom directives like custom error logging. We will look into that, it’s not the first time this came up and the issue is open, it just needs some thought. By the way, you could also apply SnippetsFilter http/server level, but it still attaches to the HTTPRoute, so technically you could still use it to turn it off everywhere.
There is an example of custom error logging here that might be helpful. The idea is to create a ‘fake’ route with a SnippetsFilter attached at the server level. This injects the snippet into your server block in the NGINX configuration, and it seems like things would work. You could also add server_tokens. Configurable Data Plane Log Format · Issue #1200 · nginx/nginx-gateway-fabric · GitHub
In other words, that route isn’t used, it just adds the necessary directives. This is very much a workaround though, but it is possible.
This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.