For a long time on my to-do list, but postponed due to perceived complexity: adding X-Clacks-Overhead. <\/p>\n\n\n\n
Now I got around to looking into what is actually involved, and… It’s not all that convoluted. For nginX it a single line to be added in a server, location or http block. <\/p>\n\n\n\n
add_header X-Clacks-Overhead \"GNU Terry Pratchett\" always;<\/pre>\n\n\n\nNext up was finding the right file in the Yunohost setup of nginX: I did find a single (default) sites-available, but no sites-enabled. <\/p>\n\n\n\n
All configuration is put in the conf-directories, where I put the additional header in the conf of the main site in the server section. <\/p>\n\n\n\n
vi \/etc\/nginx\/conf.d\/mysite.tld.conf<\/pre>\n\n\n\nNow first see that the header is not there before reloading nginX:<\/p>\n\n\n\n
~# curl -IL mysite.tld\n HTTP\/1.1 302 Moved Temporarily\n Server: nginx\n Date: Sat, 28 Dec 2019 11:23:13 GMT\n Content-Type: text\/html\n Content-Length: 154\n Connection: keep-alive\n X-SSO-WAT: You've just been SSOed\n Location: https:\/\/mysite.tld\/yunohost\/sso\/?r=aHR0cHM6Ly9zYW55aS5ubC8=\n<\/pre>\n\n\n\nSee? No X-Clacks header. Reload nginX…<\/p>\n\n\n\n
service nginx reload <\/pre>\n\n\n\n… and have a look at the headers again:<\/p>\n\n\n\n
~# curl -IL mysite.tld
HTTP\/1.1 302 Moved Temporarily
Server: nginx
Date: Sat, 28 Dec 2019 11:25:52 GMT
Content-Type: text\/html
Content-Length: 154
Connection: keep-alive
X-SSO-WAT: You've just been SSOed
Location: https:\/\/mysite.tld\/yunohost\/sso\/?r=aHR0cHM6Ly9zYW55aS5ubC8=
X-Clacks-Overhead: GNU Terry Pratchett<\/pre>\n\n\n\nIt now shows at the bottom line.<\/p>\n\n\n\n
Actually the X-Clacks-Overhead is only added to the HTTP 1.1 headers. The HTTP 2 headers omit the header at the moment. After rereading the config, I added the header to the server listening at port 80 over HTTP 1.1; it gets forwarded to port 443 over HTTP 2. That block did not have the header. After adding the header there as well, the HTTP 2 headers show the X-Clacks-Overhead as well: <\/p>\n\n\n\n
~# curl -IL mysite.tld\n HTTP\/2 404 \n server: nginx\n date: Sat, 28 Dec 2019 11:33:18 GMT\n content-type: text\/html\n content-length: 162\n x-sso-wat: You've just been SSOed\n set-cookie: SSOwAuthRedirect=;; Path=\/yunohost\/sso\/; Expires=Thu, 01 Jan 1970 00:00:00 UTC; Secure; HttpOnly; SameSite=Lax ;;\n strict-transport-security: max-age=63072000; includeSubDomains; preload\n content-security-policy: upgrade-insecure-requests\n content-security-policy-report-only: default-src https: data: 'unsafe-inline' 'unsafe-eval'\n x-content-type-options: nosniff\n x-xss-protection: 1; mode=block\n x-download-options: noopen\n x-permitted-cross-domain-policies: none\n x-frame-options: SAMEORIGIN\n x-clacks-overhead: GNU Terry Pratchett<\/pre>\n\n\n\nOne difference between the two header blocks, is that the HTTP1.1 block is capitalized, whereas the HTTP2 block is not. Fine with me \ud83d\ude42<\/p>\n\n\n\n
So, two points of my mental to-do list, one for the Clacks itself and one for moving it from a mental to-do list to a physical (of some sort) to-do list. <\/p>\n