Snippets issue or misunderstanding

niltsiar · February 27, 2018, 8:08pm

Hi,

I’m trying the new snippets functionality in 0.10.11 but I think either I’m doing something wrong or they don’t work as I expect.

I’ve created one snippet like

(common) {
	gzip {
		level 9
	}
	tls mymail@mydomain.com {
		key_type rsa4096
	}
}

which is working flawlessly for each one of my sites.

Then I’m trying with another snippet of some code that I always repeat for my proxy directives:

(proxy_options) {
    transparent
    # Enable HTTP Strict Transport Security (HSTS) to force clients to always
    # connect via HTTPS (do not use if only testing)
    header_downstream Strict-Transport-Security "max-age=31536000;"
    # Enable cross-site filter (XSS) and tell browser to block detected attacks
    header_downstream X-XSS-Protection "1; mode=block"
    # Prevent some browsers from MIME-sniffing a response away from the declared Content-Type
    header_downstream X-Content-Type-Options "nosniff"
    # Disallow the site to be rendered within a frame (clickjacking protection)
    header_downstream X-Frame-Options "DENY"
}

I’m trying to apply it like

proxy / mysub.domain.com:80 {
    import proxy_options
}

but I’m getting the error Error during parsing: unknown property 'import' referenced to the line of the ìmport of the proxysection.

So, am I doing something wrong or have I misunderstood the functionality and it can’t be used in anywhere we want?

Thx

matt · February 27, 2018, 9:27pm

Snippets can’t be used within directives, so that’s probably why you’re getting that error. If you bring the whole directive into the snippet, it will be more useful for you!

pwhodges · February 27, 2018, 11:50pm

So in a case like that, where a directive may have several parameters but the first line specifies different addresses cannot be shortened using this facility? I guess this rather severely limits its use.

Whitestrake · February 27, 2018, 11:57pm

My understanding is that each directive is parsed by its own setup function, which would make importing inside a directive impossible unless that directive implemented its own import subdirective; it would be like trying to rewrite inside a log directive, or something.

pwhodges · February 28, 2018, 12:15am

I confess I would have thought it actually simpler to make it a simple text replacement macro, with the parsing following on. But I realise there might be reasons for this not to be so obvious.

matt · February 28, 2018, 2:41am

It’s something someone could look into. I’m not closed to the idea, as long as directives won’t need a word like import.

niltsiar · February 28, 2018, 7:37am

I agree with @pwhodges than if snippets can’t be used inside directives like proxy then the feature is a bit limited. Anyway, it’s a nice addition. I hope the functionality can be extended in the future.

Thank you all for the clarification.

system · May 29, 2018, 7:37am

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.