How to Hide Nginx Server Version in Linux

In this short article, we will show you how hide Nginx server version on error pages and in the “Server HTTP” response header field in Linux. This is one of the key recommended practices in securing your Nginx HTTP and proxy server.

Read Also: How to Hide Apache Version Number and Other Sensitive Info

This guide assumes that you already have Nginx installed on your system or setup the full LEMP stack by following any of these tutorials below based on your Linux distribution:

  1. How to Install LEMP (Linux, Nginx, MariaDB, PHP-FPM) on Debian 9 Stretch
  2. How to Install Nginx, MariaDB and PHP (FEMP) Stack on FreeBSD
  3. How To Install Nginx, MariaDB 10, PHP 7 (LEMP Stack) in 16.10/16.04
  4. Install Latest Nginx 1.10.1, MariaDB 10 and PHP 5.5/5.6 on RHEL/CentOS 7/6 & Fedora 20-26

The “server_tokens” directive is responsible for displaying the Nginx version number and Operating system on error pages and in the “Server” HTTP response header field as shown in the following screenshot.

Nginx Version Number
Nginx Version Number

To disable this, you need to turn off the server_tokens directive in /etc/nginx/nginx.conf configuration file.

# vi /etc/nginx/nginx.conf
OR
$ sudo nano /etc/nginx/nginx.conf

Add the following line to http context as shwon in the screen shot below.

server_tokens off;
Turn Off Server Tokens in Nginx
Turn Off Server Tokens in Nginx

After adding above line, save the file and restart Nginx server to take new changes into effect.

# systemctl restart nginx
OR
$ sudo systemctl restart nginx

Now verify if its working.

Hide Nginx Version
Hide Nginx Version

Note: This will only hide the server version number, but not the server signature (name). If you want to hide the server name, compile Nginx from sources and include the --build=name option to set a nginx build name.

If you are running PHP in your Nginx web server, I suggest you to Hide PHP Version Number.

To further secure and harden Nginx web server, check out our comprehensive guide to securing Nginx in Linux, which you will find useful:

  1. The Ultimate Guide to Secure, Harden and Improve Performance of Nginx Web Server

In this article, we explained you how to hide Nginx server version in error pages and “Server” HTTP response header field, in Linux. If you have any queries, use the comment form below to reach us.

Hey TecMint readers,

Exciting news! Every month, our top blog commenters will have the chance to win fantastic rewards, like free Linux eBooks such as RHCE, RHCSA, LFCS, Learn Linux, and Awk, each worth $20!

Learn more about the contest and stand a chance to win by sharing your thoughts below!

Aaron Kili
Aaron Kili is a Linux and F.O.S.S enthusiast, an upcoming Linux SysAdmin, web developer, and currently a content creator for TecMint who loves working with computers and strongly believes in sharing knowledge.

Each tutorial at TecMint is created by a team of experienced Linux system administrators so that it meets our high-quality standards.

Join the TecMint Weekly Newsletter (More Than 156,129 Linux Enthusiasts Have Subscribed)
Was this article helpful? Please add a comment or buy me a coffee to show your appreciation.

2 Comments

Leave a Reply
  1. You can edit /usr/sbin/nginx with an editor and change where it says nginx/x.x.x.x to 00000/x.x.x.x.

    Except where nginx call its files folder, where usually it is associated to …/nginx/somefile or /usr/share/nginx/somefile.

    nginx have 5 letters, replace its name for other 5 characters, not 4 not 6, 5 as it is.

    This is to change nginx name without having to compile it manually.

    Reply

Got Something to Say? Join the Discussion...

Thank you for taking the time to share your thoughts with us. We appreciate your decision to leave a comment and value your contribution to the discussion. It's important to note that we moderate all comments in accordance with our comment policy to ensure a respectful and constructive conversation.

Rest assured that your email address will remain private and will not be published or shared with anyone. We prioritize the privacy and security of our users.