How to Hide Nginx Version on Your Server

Endrit Qerreti

Endrit Qerreti

In this tutorial you will learn how to hide Nginx version from leaking to public. This step is a must, when parameter is not set to : server_tokens off, nginx version can be seen by visitors on error pages, this information doesn't make your site directly vulnerable but the less information you share to public the better.

Your site may be secured, but that version of nginx may be vulnerable which then makes your site vulnerable too.

Step 1 - Edit nginx.conf File

Use the command below to edit nginx.conf file, you can use nano or vim or any other editor you like.

nginx.conf file is located on /etc/nginx/nginx.conf

so to edit the file nginx.conf use this command

sudo nano /etc/nginx/nginx.conf


Step 2 - Uncomment, Set server_tokens off;

As you can see in the screenshot above, server_tokens off;  has # in the beginning which means the function is commented and not active, to make it active you need to remove the # and press ctrl + x to save the changes.

It should look like this.

Step 3 - Restart nginx

Once you have saved the changes on nginx.conf, you need to restart nginx server in order for these changes to take effect.

Type the following command to restart your server.

sudo systemctl restart nginx


If the above command doesn't work, you may try the older ones

sudo service nginx restart

or

sudo /etc/init.d/nginx restart

To confirm that function server_tokens off is active after restarting your server, you can check it with this command

curl -I your server IP/url

Conclusion

In this tutorial we explained step by step how to hide nginx version from leaking to public visitors on error or not configured correctly pages.