Add a header globally for all servers
Sergey A. Osokin
osa at freebsd.org.ru
Wed Nov 12 13:35:32 UTC 2025
Hi Jeffrey,
hope you're doing well.
On Tue, Nov 11, 2025 at 03:37:55PM -0500, Jeffrey Walton wrote:
>
> I'd like to add the nosniff content option to all pages served by
> Nginx. When I attempt to set the option:
>
> $ cat /etc/nginx/conf.d/nosniff.conf
> # Prevent MIME type sniffing attacks
> http {
> add_header X-Content-Type-Options "nosniff" always;
> }
>
> It results in:
>
> $ sudo nginx -t
> nginx: [emerg] "http" directive is not allowed here in
> /etc/nginx/conf.d/nosniff.conf:2
> nginx: configuration file /etc/nginx/nginx.conf test failed
>
> I don't want to modify /etc/nginx/nginx.conf since it is owned by the
> package, and not me. On upgrade, my changes could/would be lost when
> I take the maintainers version of the conf file.
>
> What should I do to add the nosniff content option to all pages served by Nginx?
My assumptions are the following:
1. the main configuration file, /etc/nginx/nginx.conf, defines
http { ... } block;
2. the main configuration file, /etc/nginx/nginx.conf, includes
directive with the "/etc/nginx/conf.d/*.conf" parameter, and
that leads including all "*.conf" files;
3. creation of the /etc/nginx/conf.d/nosniff.conf with another
http { ... } block cause an error and the root cause is two
http { ... } blocks in the nginx whole configuration file.
Another assumption is this nginx instance is running on a GNU/Linux
operating system, so /etc/nginx/conf.d/default.conf may take place.
One of the tricks might be zeroed the last configuration file,
but keep it in place, which preventing an upgrade package process
recretes it.
Hope that helps.
--
Sergey A. Osokin
https://tipi.work/ - modern load balancing solutions
More information about the nginx
mailing list