As a follow up to the article on how to compile nginx from source, this tutorial helps you customize the name of the server on your host. Usually, companies modify the server names for security reasons. If a vulnerability is found in a particular version of the webserver, hackers can replicate it to exploit the behaviour.
Customizing the name of your nginx server requires modifying source code (this tutorial will guide you step by step) and requires re-compilation from the previous article.
curl -I http://example.com/
HTTP/1.1 200 OK
Server: nginx/1.5.6 # <-- this is the version of nginx you currently use
Date: Thu, 17 Nov 2013 20:40:18 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Thu, 17 Nov 2013 20:37:02 GMT
Connection: keep-alive
ETag: "51f18c6e-264"
Accept-Ranges: bytes
Go back to the nginx source directory from the last tutorial. You should look at the previous tutorial on compiling from source after the “Downloading the source code” section.
cd ~/src/nginx/
vi +49 src/http/ngx_http_header_filter_module.c
Find the lines:
static char ngx_http_server_string[] = "Server: nginx" CRLF;
static char ngx_http_server_full_string[] = "Server: " NGINX_VER CRLF;
and modify to:
static char ngx_http_server_string[] = "Server: the-ocean" CRLF;
static char ngx_http_server_full_string[] = "Server: the-ocean" CRLF;
You need to follow this guide to look at the configure options or search from your command line history:
./configure ...
make
make install
vi +19 /etc/nginx/nginx.conf
Add the line under http configuration. Repeat for https if you have the section
http {
...
server_tokens off;
....
We need to restart nginx since the nginx file has changed:
service nginx restart
Let’s verify if we see the server information now:
curl -I http://example.com/
HTTP/1.1 200 OK
Server: the-ocean
Date: Thu, 17 Nov 2013 20:50:17 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Thu, 17 Nov 2013 20:37:02 GMT
Connection: keep-alive
ETag: "51f18c6e-264"
Accept-Ranges: bytes
<div class=“author”><a href=“http://sair.am/”>By Sairam Kunala</a></div>
Thanks for learning with the DigitalOcean Community. Check out our offerings for compute, storage, networking, and managed databases.
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
Sign up for Infrastructure as a Newsletter.
Working on improving health and education, reducing inequality, and spurring economic growth? We'd like to help.
Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.
Hi…
This a nice trick, btw you also could modify the Nginx server name without hard-coded change the source file by using Headers more module.
Then, you enable it through nginx.conf file such as below
I use this method for my LEMPer stack (https://github.com/joglomedia/LEMPer)
Regards
If you want to remove or edit the nginx server string without compiling and you installed nginx using apt-get in Debian or Ubuntu (It might apply to CentOs too), you can install the package nginx-extras to set or clear “Server” header. Once this is done, you can add the lines below in nginx.conf (usually /etc/nginx/nginx.conf):
To clear the “Server” header altogether:
To Set a custom string as “Server”
REFERENCE: http://serverfault.com/a/766634/108103
Hello, How i can change name server nginx-xxxx to other name after installed nginx in centos server ?
I did try this but it did not work!
@Kamal Nasser: Cool! Thanx!
@xandr0s: Edit lines 22 and 29 of the following file: <a href=“https://github.com/nginx/nginx/blob/b4f0587460c1cec132bbf547b658057a674aa94e/src/http/ngx_http_special_response.c”>https://github.com/nginx/nginx/blob/b4f0587460c1cec132bbf547b658057a674aa94e/src/http/ngx_http_special_response.c</a>.
Ok. curl say custom name of server. But how I can modify info in server token, e.g. on error pages?
Dammit, how do I edit? I didn’t meant to post just that - anyway, what I was trying to say was that I’d come here to post exactly what JP said… great Jonathans think alike!
Also, as found on StackOverflow…
"f you are using nginx to proxy a back-end application and want the back-end to advertise its own Server: header without nginx overwriting it, then you can go inside of your server {…} stanza and set:
proxy_pass_header Server; That will convince nginx to leave that header alone and not rewrite the value set by the back-end."
And if you ARE going to be compiling, you might as well compile in the HttpHeadersMoreModule http://wiki.nginx.org/HttpHeadersMoreModule.
Personally, I prefer the idea of leaving in the Nginx identifier and removing the version. No special compiling needed, and it lets people know how fast this great webserver/proxy/everything is growing.
If you can’t or don’t want to re-compile nginx but still want to obscure the version number for security reasons then you can specify in your nginx .conf whether to include the version number in errors and the header responses, see http://wiki.nginx.org/HttpCoreModule#server_tokens and http://www.nginxtips.com/how-to-hide-nginx-version/