Skip to main content

Add custom HTTP headers to NGINX in Puppet Enterprise

Selvakumar Azhagarsami
  • Updated

Your company’s policies might require specific HTTP headers and values to be set based on a security audit or other requirements. You can use the steps in this article to add custom HTTP headers to NGINX to meet your security requirements.

Version and installation information

PE version: All supported versions

Solution

Caution: We provide support for headers that ship with Puppet Enterprise. HTTP headers in future versions of Puppet Enterprise might change. Adding custom headers that aren’t tested and shipped with Puppet Enterprise might result in unexpected behavior. As such, our team is unable to provide support for custom headers that you implement in your deployment.

In the example provided in the following steps, the custom module nginxcustom is used, with the following location and structure:

/etc/puppetlabs/code/environments/production/modules/nginxcustom

├── files
│       └── headers.conf
└── manifests
    └── init.pp

To add custom headers to NGINX, complete the following steps on the primary server.

  1. Define the headers in a separate file. Create a new file named /etc/puppetlabs/code/environments/production/modules/nginxcustom/files/headers.conf with the following contents:

    #Custom headers
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection '1; mode=block';
add_header Strict-Transport-Security 'max-age=63072000; includeSubDomains; preload;';

  2. Manage headers.conf with a file resource in Puppet. In that code, point to the module that you’re using to manage your NGINX headers.conf file. Create a new file named /etc/puppetlabs/code/environments/production/modules/nginxcustom/manifests/init.pp with the following contents.

    #File resource to create headers.conf

class nginxcustom {
    file { '/etc/puppetlabs/nginx/headers.conf':
           ensure   => file,
           group    => 'root',
           owner    => 'root',
           mode     => '0644',
           source   =>'puppet:///modules/nginxcustom/headers.conf',
      }

  3. To include headers.conf in proxy.conf, add the following code to the end of the manifest that you created in the last step:

    #Nginx directive to add include statement

pe_nginx::directive { 'include custom headers':
    directive_ensure => 'present',
    target           => '/etc/puppetlabs/nginx/conf.d/proxy.conf',
    directive_name   => 'include',
    value            => 'headers.conf',
    server_context   => $::fqdn,
    }
}

  4. To generate custom headers, run puppet: puppet agent -t

If the custom headers are not generated, in header.conf add the always directive to the end of add_header directive. For example:

add_header X-Frame-Options SAMEORIGIN always;

Learn more about the add_header directive from NGINX’s documentation.

Did this solve your problem?
0 out of 4 found this helpful

How can we improve this article?

0 comments

Please sign in to leave a comment.

Related articles