Hide nginx version number

When Apache HTTPD server pretty much entirely dominated the market, one of the first tasks admin would do was to hide version number:

ServerTokens ProductOnly

Remember this tag? :)

Nowadays as nginx is so popular, especially if you need high performance reverse proxy (WriteFreely runs behind proxy too), it might be useful to hide it's version number.

If you are on CentOS or Red Hat Enterprise Linux, nginx configuration is located at:

/etc/nginx/nginx.conf

Setting that needs to be added is very similar to Apache's:

server_tokens off;

Make sure to add it in http context. You might already have configuration file for your “virtual host” similar like:

/etc/nginx/conf.d/fedi_dev.conf

Since files under conf.d are automatically included in http context, all you need is to add server_tokens in the beginning of the file.

Restart nginx and there you go – instead of:

Server: nginx/1.15.7

we will see:

Server: nginx

Success!

Stay tuned for more #nginx #server tips.

Care to comment? Toot me on Mastodon: @gytis@mastodon.lt.


My name is Gytis Repečka, I am Solution Architect and data professional. I enjoy using, promoting and contributing to open source software and love communicating about tech to both advanced and non-tech people. Visit Inretio for consulting services. Comment by mentioning me @gytisrepecka@social.gyt.is on Fediverse.