By default, Nginx displays server information such as the version number, OS type, etc. on its error pages and in its response headers. Attackers can use this information to determine your server configuration and look for known vulnerabilities that match it. It is recommended that you hide the Nginx server version number to protect your website. Here’s how to hide the Nginx server version number in Linux.
How to Hide Nginx Server Version Number in Linux
Just like in Apache, the server_tokens directive is responsible for showing the server version number and OS type in error pages and response headers. Go to a page on your website that doesn’t exist and you’ll get a 404 Not Found error page.
To disable it, simply turn off the server_tokens directive in the /etc/nginx/nginx.conf config file. Open the config file in a text editor.
$ sudo vi /etc/nginx/nginx.conf
In the http context, add a line that sets the server_tokens directive to off.
After adding the line, restart the Nginx server to apply the changes.
$ sudo systemctl restart nginx
Now when you go to a page that does not exist, you’ll see the updated message.
That’s it! Now you can hide the Nginx server version number in Linux.
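To confirm the change took effect, the following added example (not from the original article) checks response headers for a leftover version string and checks a config dump for any block that sets server_tokens to something other than off. The function names and the sample headers and config are constructed for illustration.

```shell
#!/bin/sh
# Added example: checks for the server_tokens change (not from the original page).

# Print the Server header value from raw response headers on stdin,
# e.g. the output of: curl -sI http://localhost/
server_header() {
    tr -d '\r' | awk -F': *' 'tolower($1) == "server" { print $2; exit }'
}

# Exit 0 if the Server header still carries a version such as nginx/1.18.0.
leaks_version() {
    server_header | grep -Eq '/[0-9]+(\.[0-9]+)*'
}

# Print every server_tokens value found in a config dump on stdin
# (e.g. the output of: sudo nginx -T). Comments are stripped first.
tokens_settings() {
    sed 's/#.*//' |
        awk '{ for (i = 1; i < NF; i++) if ($i == "server_tokens") print $(i + 1) }' |
        tr -d ';'
}

# Exit 0 only if server_tokens is set and every occurrence is "off".
# The directive is also valid in server and location blocks, which override http.
tokens_off_everywhere() {
    vals=$(tokens_settings)
    [ -n "$vals" ] && ! printf '%s\n' "$vals" | grep -qvx 'off'
}

# Constructed sample data, not captured from a real server.
BEFORE='HTTP/1.1 404 Not Found
Server: nginx/1.18.0 (Ubuntu)
Content-Type: text/html'
AFTER='HTTP/1.1 404 Not Found
Server: nginx
Content-Type: text/html'
CONF_OK='http {
    server_tokens off;
    server { listen 80; }
}'
CONF_OVERRIDE='http {
    server_tokens off;
    server { listen 80; server_tokens on; }
}'

printf '%s\n' "$BEFORE" | leaks_version && echo "before: version disclosed"
printf '%s\n' "$AFTER" | leaks_version || echo "after: no version in Server header"
printf '%s\n' "$CONF_OK" | tokens_off_everywhere && echo "config: off everywhere"
printf '%s\n' "$CONF_OVERRIDE" | tokens_off_everywhere || echo "config: nested override found"
```

On a live host, pipe the output of curl -sI for a page on your site into leaks_version, and the output of sudo nginx -T into tokens_off_everywhere.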
How to Hide Server Name (optional)
If you want to hide or change even “nginx” in the server response, install nginx-extras on Ubuntu/Debian systems.
$ sudo apt-get update
$ sudo apt-get install nginx-extras
Then add the following line to the http context:
more_set_headers "Server: Web Server";
Unfortunately, for CentOS/RHEL systems, there is no easy way to install nginx-extras. You will have to compile Nginx from source and pass the --build=name argument (name is the server name you want to display) to set the server name.