In this tutorial, we will show you how to hide Nginx Server Header on your Linux server. In default Nginx configuration, the server sends HTTP Header with the information of the Nginx version number of the Server. The HTTP response header “Server” displays the version number of the server. This information can be used to try to exploit any vulnerabilities in the Nginx, especially if you are running an older version with known vulnerabilities. Hiding the Nginx version is very easy and it’s done using the server_tokens directive. This tutorial helps you customize the name of the server on your host.
This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges.
Prerequisites
- A server running one of the following operating systems: RHEL-based such as CentOS, AlmaLinux, or Rocky Linux.
- It’s recommended that you use a fresh OS install to prevent any potential issues.
- SSH access to the server (or just open Terminal if you’re on a desktop).
- A
non-root sudo useror access to theroot user. We recommend acting as anon-root sudo user, however, as you can harm your system if you’re not careful when acting as the root.
Hide Nginx Server Header
Step 1. First, make sure that all your system packages are up-to-date by running the following apt commands in the terminal.
sudo apt update sudo apt upgrade sudo apt install dirmngr gnupg apt-transport-https ca-certificates software-properties-common
Step 2. Installing Nginx.
Nginx is available in the official Fedora/CentOS or Rocky Linux repository and can be easily installed using the dnf package manager. To install Nginx, run the following command:
sudo dnf install nginx
Once the installation is complete, start the Nginx service and enable it to start automatically on boot by running the following commands:
sudo systemctl start nginx sudo systemctl enable nginx
Step 3. How to Hide the Nginx Server Header.
- Method 1. Using the Nginx Configuration File.
The first method for hiding the Nginx server header is to use the Nginx configuration file. To do this, you will need to modify the server block in your Nginx configuration file to include the following code:
nano /etc/nginx/nginx.conf
Add the following file:
server {
server_tokens off;
...
}
Save and close the file, then restart the Nginx web server using the following command below:
sudo systemctl restart nginx
- Method 2. Using a Module.
The second method for hiding the Nginx server header is to use a module. There are several modules available that can be used to hide the Nginx server header, including the headers-more module. To use this module, you will need to install it on your server and then modify your Nginx configuration file to include the following code:
server {
more_set_headers 'Server:';
...
}
The more_set_headers 'Server:' directive tells the headers-more module to remove the server header from the response. Once you have added this code, you will need to restart Nginx to apply the changes.
Let’s verify if we see the server information now:
curl -I http://idroot.us/ HTTP/1.1 200 OK Server: nginx Date: Sun, 03 Feb 2023 06:06:46 GMT Content-Type: text/html; charset=UTF-8 Connection: keep-alive Vary: Accept-Encoding X-Pingback: http://idroot.us/xmlrpc.php
Congratulations! You have successfully hidden the Nginx version. Thanks for using this tutorial for hiding the Nginx version in the Linux system. For additional help or useful information, we recommend you check the official Nginx website.
