Tutorial
How To Customize Your Nginx Server Name After Compiling From Source In CentOS
Introduction
As a follow up to the article on how to compile nginx from source, this tutorial helps you customize the name of the server on your host. Usually, companies modify the server names for security reasons. If a vulnerability is found in a particular version of the webserver, hackers can replicate it to exploit the behaviour.
Customizing the name of your nginx server requires modifying source code (this tutorial will guide you step by step) and requires re-compilation from the previous article.
Finding your server’s version
curl -I http://example.com/
HTTP/1.1 200 OK
Server: nginx/1.5.6 # <-- this is the version of nginx you currently use
Date: Thu, 17 Nov 2013 20:40:18 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Thu, 17 Nov 2013 20:37:02 GMT
Connection: keep-alive
ETag: "51f18c6e-264"
Accept-Ranges: bytes
Change the Nginx Server Strings
Go back to the nginx source directory from the last tutorial. You should look at the previous tutorial on compiling from source after the “Downloading the source code” section.
cd ~/src/nginx/
vi +49 src/http/ngx_http_header_filter_module.c
Find the lines:
static char ngx_http_server_string[] = "Server: nginx" CRLF;
static char ngx_http_server_full_string[] = "Server: " NGINX_VER CRLF;
and modify to:
static char ngx_http_server_string[] = "Server: the-ocean" CRLF;
static char ngx_http_server_full_string[] = "Server: the-ocean" CRLF;
Recompile Nginx with New Options
You need to follow this guide to look at the configure options or search from your command line history:
./configure ...
make
make install
Stop Displaying Server Version in Configuration
vi +19 /etc/nginx/nginx.conf
Add the line under http configuration. Repeat for https if you have the section
http {
...
server_tokens off;
....
Restart the Nginx Service
We need to restart nginx since the nginx file has changed:
service nginx restart
Verify the Results
Let’s verify if we see the server information now:
curl -I http://example.com/
HTTP/1.1 200 OK
Server: the-ocean
Date: Thu, 17 Nov 2013 20:50:17 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Thu, 17 Nov 2013 20:37:02 GMT
Connection: keep-alive
ETag: "51f18c6e-264"
Accept-Ranges: bytes
<div class=“author”><a href=“http://sair.am/”>By Sairam Kunala</a></div>
Thanks for learning with the DigitalOcean Community. Check out our offerings for compute, storage, networking, and managed databases.
author
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
Become a contributor for community
Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.
DigitalOcean Documentation
Full documentation for every DigitalOcean product.
Resources for startups and SMBs
The Wave has everything you need to know about building a business, from raising funding to marketing your product.
The developer cloud
Scale up as you grow — whether you're running one virtual machine or ten thousand.
Get started for free
Sign up and get $200 in credit for your first 60 days with DigitalOcean.*
*This promotional offer applies to new accounts only.
Hi…
This a nice trick, btw you also could modify the Nginx server name without hard-coded change the source file by using Headers more module.
Then, you enable it through nginx.conf file such as below
I use this method for my LEMPer stack (https://github.com/joglomedia/LEMPer)
Regards
If you want to remove or edit the nginx server string without compiling and you installed nginx using apt-get in Debian or Ubuntu (It might apply to CentOs too), you can install the package nginx-extras to set or clear “Server” header. Once this is done, you can add the lines below in nginx.conf (usually /etc/nginx/nginx.conf):
To clear the “Server” header altogether:
To Set a custom string as “Server”
REFERENCE: http://serverfault.com/a/766634/108103
Hello, How i can change name server nginx-xxxx to other name after installed nginx in centos server ?
I did try this but it did not work!
@Kamal Nasser: Cool! Thanx!
@xandr0s: Edit lines 22 and 29 of the following file: <a href=“https://github.com/nginx/nginx/blob/b4f0587460c1cec132bbf547b658057a674aa94e/src/http/ngx_http_special_response.c”>https://github.com/nginx/nginx/blob/b4f0587460c1cec132bbf547b658057a674aa94e/src/http/ngx_http_special_response.c</a>.
Ok. curl say custom name of server. But how I can modify info in server token, e.g. on error pages?
Dammit, how do I edit? I didn’t meant to post just that - anyway, what I was trying to say was that I’d come here to post exactly what JP said… great Jonathans think alike!
Also, as found on StackOverflow…
"f you are using nginx to proxy a back-end application and want the back-end to advertise its own Server: header without nginx overwriting it, then you can go inside of your server {…} stanza and set:
proxy_pass_header Server; That will convince nginx to leave that header alone and not rewrite the value set by the back-end."
And if you ARE going to be compiling, you might as well compile in the HttpHeadersMoreModule http://wiki.nginx.org/HttpHeadersMoreModule.
Personally, I prefer the idea of leaving in the Nginx identifier and removing the version. No special compiling needed, and it lets people know how fast this great webserver/proxy/everything is growing.
If you can’t or don’t want to re-compile nginx but still want to obscure the version number for security reasons then you can specify in your nginx .conf whether to include the version number in errors and the header responses, see http://wiki.nginx.org/HttpCoreModule#server_tokens and http://www.nginxtips.com/how-to-hide-nginx-version/