For a long time on my to-do list, but postponed due to perceived complexity: adding X-Clacks-Overhead.
Now I got around to looking into what is actually involved, and… It’s not all that convoluted. For nginX it is a single line to be added in a server, location or http block.
add_header X-Clacks-Overhead "GNU Terry Pratchett" always;
Next up was finding the right file in the Yunohost setup of nginX: I did find a single (default) sites-available, but no sites-enabled.
All configuration is put in the conf-directories, where I put the additional header in the conf of the main site in the server section.
Now first see that the header is not there before reloading nginX:
~# curl -IL mysite.tld
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Sat, 28 Dec 2019 11:23:13 GMT
Content-Type: text/html
Content-Length: 154
Connection: keep-alive
X-SSO-WAT: You've just been SSOed
Location: https://mysite.tld/yunohost/sso/?r=aHR0cHM6Ly9zYW55aS5ubC8=
See? No X-Clacks header. Reload nginX…
service nginx reload
… and have a look at the headers again:
~# curl -IL mysite.tld
HTTP/1.1 302 Moved Temporarily
Date: Sat, 28 Dec 2019 11:25:52 GMT
X-SSO-WAT: You've just been SSOed
X-Clacks-Overhead: GNU Terry Pratchett
It now shows on the bottom line.
Actually the X-Clacks-Overhead is only added to the HTTP 1.1 headers. The HTTP 2 headers omit the header at the moment. After rereading the config, I added the header to the server listening at port 80 over HTTP 1.1; it gets forwarded to port 443 over HTTP 2. That block did not have the header. After adding the header there as well, the HTTP 2 headers show the X-Clacks-Overhead as well:
~# curl -IL mysite.tld
HTTP/2 404
server: nginx
date: Sat, 28 Dec 2019 11:33:18 GMT
content-type: text/html
content-length: 162
x-sso-wat: You've just been SSOed
set-cookie: SSOwAuthRedirect=;; Path=/yunohost/sso/; Expires=Thu, 01 Jan 1970 00:00:00 UTC; Secure; HttpOnly; SameSite=Lax ;;
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy: upgrade-insecure-requests
content-security-policy-report-only: default-src https: data: 'unsafe-inline' 'unsafe-eval'
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-frame-options: SAMEORIGIN
x-clacks-overhead: GNU Terry Pratchett
One difference between the two header blocks is that the HTTP1.1 block is capitalized, whereas the HTTP2 block is not. Fine with me 🙂
So, two points off my mental to-do list, one for the Clacks itself and one for moving it from a mental to-do list to a physical (of some sort) to-do list.
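The per-hop check done by eye on the header dumps above can be scripted. The following is an added example, not code from the original post: it splits `curl -IL` output into one block per response in the redirect chain and reports which hops lack a header, matching names case-insensitively so the capitalized HTTP/1.1 names and the lowercase HTTP/2 names compare equal. The function names and the sample text are constructed for illustration; the same check works for any header in the output, such as strict-transport-security.

```python
import re
import sys

# Constructed sample of `curl -IL` output: the state where only the
# HTTP/1.1 server block carries the header and the HTTP/2 block does not.
SAMPLE = """\
HTTP/1.1 302 Moved Temporarily
Server: nginx
X-SSO-WAT: You've just been SSOed
X-Clacks-Overhead: GNU Terry Pratchett
Location: https://mysite.tld/yunohost/sso/

HTTP/2 404
server: nginx
x-sso-wat: You've just been SSOed
x-frame-options: SAMEORIGIN
"""

# Matches "HTTP/1.1 302 ..." as well as "HTTP/2 404" (no minor version, no reason phrase).
STATUS_LINE = re.compile(r"^HTTP/\d(?:\.\d)?\s+\d{3}")


def split_hops(curl_output):
    """Return one (status_line, {lowercased-name: value}) pair per response."""
    hops = []
    for line in curl_output.splitlines():
        if STATUS_LINE.match(line):
            hops.append((line.strip(), {}))   # a new response starts here
        elif hops and ":" in line:
            name, _, value = line.partition(":")
            hops[-1][1][name.strip().lower()] = value.strip()
    return hops


def hops_missing(curl_output, header):
    """Return the status line of every hop whose response lacks `header`."""
    wanted = header.lower()
    return [status for status, headers in split_hops(curl_output)
            if wanted not in headers]


if __name__ == "__main__":
    # Pipe real output in (curl -sIL mysite.tld | python3 this_file.py),
    # or run without a pipe to use the constructed sample.
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for status in hops_missing(text, "X-Clacks-Overhead"):
        print("missing on:", status)
```

An empty result means every server block in the chain sets the header.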