custom headers to remove

confs/site/server.conf

@@ -16,7 +16,7 @@ server {
 	%LIMIT_REQ%
 	%AUTH_BASIC%
 	%USE_PHP%
-	%HEADER_SERVER%
+	%REMOVE_HEADERS%
 	%X_FRAME_OPTIONS%
 	%X_XSS_PROTECTION%
 	%X_CONTENT_TYPE_OPTIONS%

entrypoint/defaults.sh

@@ -33,7 +33,7 @@ BROTLI_MIN_LENGTH="${BROTLI_MIN_LENGTH-1000}"
 BROTLI_TYPES="${BROTLI_TYPES-application/atom+xml application/javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-font-opentype application/x-font-truetype application/x-font-ttf application/x-javascript application/xhtml+xml application/xml font/eot font/opentype font/otf font/truetype image/svg+xml image/vnd.microsoft.icon image/x-icon image/x-win-bitmap text/css text/javascript text/plain text/xml}"
 REMOTE_PHP_PATH="${REMOTE_PHP_PATH-/app}"
 USE_REVERSE_PROXY="${USE_REVERSE_PROXY-no}"
-HEADER_SERVER="${HEADER_SERVER-no}"
+REMOVE_HEADERS="${REMOVE_HEADERS-Server X-Powered-By X-AspNet-Version X-AspNetMvc-Version"
 X_FRAME_OPTIONS="${X_FRAME_OPTIONS-DENY}"
 X_XSS_PROTECTION="${X_XSS_PROTECTION-1; mode=block}"
 X_CONTENT_TYPE_OPTIONS="${X_CONTENT_TYPE_OPTIONS-nosniff}"

entrypoint/site-config.sh

@@ -147,11 +147,15 @@ else
         replace_in_file "${NGINX_PREFIX}server.conf" "%SERVE_FILES%" ""
 fi
 
-# remove server header
+# remove headers
-if [ "$HEADER_SERVER" = "yes" ] ; then
+if [ "$REMOVE_HEADERS" != "" ] ; then
-	replace_in_file "${NGINX_PREFIX}server.conf" "%HEADER_SERVER%" ""
+	remove=""
+	for header in $REMOVE_HEADERS ; do
+		remove="${remove}more_clear_headers '$header';\n"
+	done
+	replace_in_file "${NGINX_PREFIX}server.conf" "%REMOVE_HEADERS%" "$remove"
 else
-	replace_in_file "${NGINX_PREFIX}server.conf" "%HEADER_SERVER%" "more_clear_headers 'Server';"
+	replace_in_file "${NGINX_PREFIX}server.conf" "%REMOVE_HEADERS%" ""
 fi
 
 # X-Frame-Options header