Remove "server:nginx" header
Nginx
Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache. The software was created by Igor Sysoev and publicly released in 2004. Nginx is free and open-source software, released under the terms of the 2-clause BSD license. The only part that matters here is Nginx is free and open-source.
In this tutorial I will show you a way to remove the "server:nginx" header by editing the source code and compiling the server directly.
If you already have a nginx binary running in your distribution it is also possible to perform this trick, but you are required to have enough know-how in order to switch the binary seemlessly.
Assumptions
For the sake of brevity:
- I will assume the
nginxgroup and user already exists; - I will assume all the essential compiling software are available and up-to-date;
- I will assume your server has 4 CPUs;
- If available, your current nginx binary is not located at
/usr/local/bin/nginx;
Everything will be installed under /opt/nginx/
Download nginx's source code
Get the latest stable nginx code for your distribution, I'm using centos7 and nginx-1.22.1 is the one I chose.
Downloading and extracting my version:
wget https://nginx.org/download/nginx-1.22.1.tar.gz
tar xzf nginx-1.22.1.tar.gz
cd nginx-1.22.1
Editing the source code
Now we need to edit the source code. Because older versions are unlikely to change and describing in text how to edit files is so annoying, let's use sed instead.
sed -r -i 's/(static u_char ngx_http_server_string\[\]).*/\1 = "";/' src/http/ngx_http_header_filter_module.c
sed -r -i 's/(static u_char ngx_http_server_full_string\[\]).*/\1 = "";/' src/http/ngx_http_header_filter_module.c
sed -r -i 's/(static u_char ngx_http_server_build_string\[\]).*/\1 = "";/' src/http/ngx_http_header_filter_module.c
sed -r -i 's/if \(r->headers_out.server == NULL\) \{/if (0) {/' src/http/ngx_http_header_filter_module.c
sed -r -i 's/(static const u_char nginx)\[5\].*/\1[1]="\\x80";/' src/http/v2/ngx_http_v2_filter_module.c
sed -r -i 's/if \(r->headers_out.server == NULL\) \{/if (0) {/' src/http/v2/ngx_http_v2_filter_module.c
sed -r -i 's/"<hr><center>nginx<\/center>"//' src/http/ngx_http_special_response.c
sed -r -i 's/nginx//' html/index.html
By editing these files the "server:nginx" header will not be sent to the client and whenever there is a 5xx status code the nginx text will be absent too.
Compiling
When compiling any piece of software we have a big deal of freedom to pick and choose what is best for us. The configuration below should be edited if you wish to so do.
CONFIG="--prefix=/opt/nginx \
--conf-path=/opt/nginx/etc/nginx.conf \
--pid-path=/opt/nginx/var/run/nginx.pid \
--lock-path=/opt/nginx/var/run/nginx.lock \
--http-client-body-temp-path=/opt/nginx/var/cache/client_temp \
--http-proxy-temp-path=/opt/nginx/var/cache/proxy_temp \
--http-fastcgi-temp-path=/opt/nginx/var/cache/fastcgi_temp \
--http-uwsgi-temp-path=/opt/nginx/var/cache/uwsgi_temp \
--http-scgi-temp-path=/opt/nginx/var/cache/scgi_temp \
--modules-path=/opt/nginx/usr/lib/modules \
--sbin-path=/opt/nginx/usr/sbin/nginx \
--user=nginx \
--group=nginx \
--with-http_ssl_module \
--with-http_realip_module \
--with-http_addition_module \
--with-http_sub_module \
--with-http_dav_module \
--with-http_flv_module \
--with-http_mp4_module \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--with-http_random_index_module \
--with-http_secure_link_module \
--with-http_stub_status_module \
--with-http_auth_request_module \
--with-http_xslt_module=dynamic \
--with-http_image_filter_module=dynamic \
--with-http_geoip_module=dynamic \
--with-http_perl_module=dynamic \
--with-threads \
--with-stream \
--with-stream_ssl_module \
--with-stream_ssl_preread_module \
--with-stream_realip_module \
--with-http_slice_module \
--with-mail \
--with-mail_ssl_module \
--with-compat \
--with-file-aio \
--with-http_v2_module"
./configure $CONFIG && make -j4 && make install
Post compilation configuration
Moving the binary a public path is essential now. Let's use ln -s to create a symlink.
ln -s /opt/nginx/usr/sbin/nginx /usr/local/bin/nginx
Now you can create a service using whatever manager you are familiar with. Be sure to test if everything is working properly!
Now you can type nginx to run your server and configure it. When serving requests there will be no "server:nginx" header ever being sent to the clients!
dptoledo@pm.me