Skip to main content

Add custom HTTP headers to NGINX in Puppet Enterprise

Selvakumar Subburaj
  • Updated

Your company's policies might require specific HTTP headers and values to be set based on a security audit or other requirements. You can use the steps in this article to add custom HTTP headers to NGINX to meet your security requirements.

Version and installation information

PE version: All supported versions

Solution

Caution: We provide support for headers that ship with Puppet Enterprise. HTTP headers in future versions of Puppet Enterprise might change. Adding custom headers that aren’t tested and shipped with Puppet Enterprise might result in unexpected behavior. As such, we are unable to provide support for any custom headers that you implement in your deployment.

To add custom headers to NGINX, complete all of the following steps on the master.

  1. Define the headers in a separate file.

    We'll use the custom module nginxcustom as an example, with the following location and structure:

    /etc/puppetlabs/code/environments/production/modules/nginxcustom
     
├── files 
│       └── headers.conf 
└── manifests 
	└── init.pp 
    [root@pe-201920-master nginxcustom]# cat files/headers.conf
 
#Custom headers 
add_header X-Frame-Options SAMEORIGIN; 
add_header X-Content-Type-Options nosniff; 
add_header X-XSS-Protection '1; mode=block'; 
add_header Strict-Transport-Security 'max-age=63072000; includeSubDomains; preload;';

  2. Manage headers.conf with a file resource in Puppet. In source, point to the module that you’re using to manage your NGINX headers.conf file.

    [root@pe-201920-master nginxcustom]# cat manifests/init.pp 
    #File resource to create headers.conf 
    class nginxcustom { 
       file { '/etc/puppetlabs/nginx/headers.conf': 
         ensure => file, 
         group => 'root', 
         owner => 'root', 
         mode => '0644', 
         source =>'puppet:///modules/nginxcustom/headers.conf', 
        }
    }

  3. In the same manifest, add the following to use pe_nginx::directive to include headers.conf in proxy.conf

    #Nginx directive to add include statement 
pe_nginx::directive { 'include custom headers': 
directive_ensure => 'present', 
target => '/etc/puppetlabs/nginx/conf.d/proxy.conf', 
directive_name => 'include', 
value => 'headers.conf', 
server_context => $::fqdn, } 
}

  4. Run puppet: puppet agent -t

If the custom headers are not generated, in header.conf add the always directive to the end of add_header directive. For example: 

  add_header X-Frame-Options SAMEORIGIN always;

Learn more about the directive from NGINX’s documentation.

Did this solve your problem?
0 out of 4 found this helpful

How can we improve this article?

0 comments

Please sign in to leave a comment.

Related articles