Declaring the Server Name is a Security Risk, You Can Change the Server Name From Nginx to Apache2 or What You Want. It is Easier on Ubuntu. For non-deb Linux distort, the only way to change is to compile from the source, which is pathetically bad and big work for many running instances. Debian/Ubuntu has some advantages. If you are using apt for OS X, you can use this trick to change Nginx server name. You can directly go to the Change Nginx Server Name in Header on Ubuntu Server With HttpHeadersMoreModule sub header if you are using Ubuntu. This conventional way is kept as legacy method.
Traditional Way to Change Nginx Server Name in Header on Ubuntu Server
If we run curl -I for our website, we will get this :
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 | ➜ ~ curl -I https://thecustomizewindows.com HTTP/1.1 200 OK Server: nginx Date: Sun, 19 Apr 2015 02:58:32 GMT Content-Type: text/html; charset=UTF-8 Connection: keep-alive Vary: Accept-Encoding X-Powered-By: PHP/5.5.9-1ubuntu4.7 Set-Cookie: PHPSESSID=57riuklgncj2ej0n936r2tq2g1; path=/ Expires: Sat, 13 Feb 2016 02:58:32 GMT Cache-Control: max-age=25920000 Pragma: no-cache X-Pingback: https://thecustomizewindows.com/xmlrpc.php X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Public-Key-Pins: pin-sha256="cTvjlwJ90gznKckrq+Le+9w5ncyKFwzLJOkgMBNoX2M="; max-age=5184000; includeSubDomains Cache-Control: Public Alternate-Protocol: 443:npn-spdy/3 Strict-Transport-Security: max-age=31536000; includeSubDomains; preload |
We are talking about the third line – Server: nginx. X-Powered-By: PHP/5.5.9-1ubuntu4.7 is coming from PHP. This also shroud be changed, which is PHP related matter. Removing the version is very easy. You need to add :
---
1 | server_tokens off; |
in etc/nginx/nginx.conf file. For changing at compilation level, if you are building nginx kept at /src/nginx/, cd and open this file with nano :
1 2 | cd /src/nginx/ nano src/http/ngx_http_header_filter_module.c |
Find these two lines :
1 2 | static char ngx_http_server_string[] = "Server: nginx" CRLF; static char ngx_http_server_full_string[] = "Server: " NGINX_VER CRLF; |
That nginx and NGINX_VER has to be changed.
Change Nginx Server Name in Header on Ubuntu Server With HttpHeadersMoreModule
HttpHeadersMoreModule gives the way to use this directive :
1 2 3 4 5 6 7 8 9 | # set the Server output header more_set_headers 'Server: Apache2'; # set and clear output headers location /bar { more_set_headers 'X-MyHeader: blah' 'X-MyHeader2: foo'; more_set_headers -t 'text/plain text/css' 'Content-Type: text/foo'; more_set_headers -s '400 404 500 503' -s 413 'Foo: Bar'; more_clear_headers 'Content-Type'; } |
In official websites you will get lot of examples. We are talking about using only more_set_headers 'Server: Apache2'; part. Others are additional usage. nginx is available in three flavors – nginx-light, nginx-full, nginx-extras. The others are – nginx-core, nginx-naxsi etc. When we use apt-get install nginx, the medium thing is installed. If we use apt-get install nginx nginx-extras command, we will get this module without compilation. In deb wiki, you’ll get more details :
1 | https://wiki.debian.org/Nginx # copy the url to plain text editor first |
Do not run the apt-get install nginx nginx-extras command, without taking backup of the /etc/nginx/nginx.conf and config file your site, usually this – /etc/nginx/sites-available/default. If you are using OpenStack, then you can take a snapshot and work with the kind of dev instance. For HTTPS sites, actually you’ll have to work a lot only for adding the things. There is no informative info when we run the apt-get install nginx command, this creates the problem. Otherwise almost all would use the extras version, frankly; this is the right stuff for most commonly used setups.
