Your company’s policies might require specific HTTP headers and values to be set based on a security audit or other requirements. You can use the steps in this article to add custom HTTP headers to NGINX to meet your security requirements.
Version and installation information
PE version: All supported versions
Solution
Caution: We provide support for headers that ship with Puppet Enterprise. HTTP headers in future versions of Puppet Enterprise might change. Adding custom headers that aren’t tested and shipped with Puppet Enterprise might result in unexpected behavior. As such, our team is unable to provide support for custom headers that you implement in your deployment.
In the example provided in the following steps, the custom module nginxcustom
is used, with the following location and structure:
/etc/puppetlabs/code/environments/production/modules/nginxcustom
├── files
│ └── headers.conf
└── manifests
└── init.pp
To add custom headers to NGINX, complete the following steps on the primary server.
-
Define the headers in a separate file. Create a new file named
/etc/puppetlabs/code/environments/production/modules/nginxcustom/files/headers.conf
with the following contents:#Custom headers add_header X-Frame-Options SAMEORIGIN; add_header X-Content-Type-Options nosniff; add_header X-XSS-Protection '1; mode=block'; add_header Strict-Transport-Security 'max-age=63072000; includeSubDomains; preload;';
-
Manage
headers.conf
with a file resource in Puppet. In that code, point to the module that you’re using to manage your NGINXheaders.conf
file. Create a new file named/etc/puppetlabs/code/environments/production/modules/nginxcustom/manifests/init.pp
with the following contents.#File resource to create headers.conf class nginxcustom { file { '/etc/puppetlabs/nginx/headers.conf': ensure => file, group => 'root', owner => 'root', mode => '0644', source =>'puppet:///modules/nginxcustom/headers.conf', }
-
To include
headers.conf
inproxy.conf
, add the following code to the end of the manifest that you created in the last step:#Nginx directive to add include statement pe_nginx::directive { 'include custom headers': directive_ensure => 'present', target => '/etc/puppetlabs/nginx/conf.d/proxy.conf', directive_name => 'include', value => 'headers.conf', server_context => $::fqdn, } }
-
To generate custom headers, run puppet:
puppet agent -t
If the custom headers are not generated, in header.conf
add the always
directive to the end of add_header directive
. For example:
add_header X-Frame-Options SAMEORIGIN always;
Learn more about the add_header
directive from NGINX’s documentation.
How can we improve this article?
0 comments
Please sign in to leave a comment.
Related articles