In this tutorial you will learn how to hide Nginx version from leaking to public. This step is a must, when parameter is not set to : server_tokens off, nginx version can be seen by visitors on error pages, this information doesn't make your site directly vulnerable but the less information you share to public the better.
Your site may be secured, but that version of nginx may be vulnerable which then makes your site vulnerable too.
Step 1 - Edit nginx.conf File
Use the command below to edit nginx.conf file, you can use nano or vim or any other editor you like.
nginx.conf file is located on /etc/nginx/nginx.conf
so to edit the file nginx.conf use this command
sudo nano /etc/nginx/nginx.conf
Step 2 - Uncomment, Set server_tokens off;
As you can see in the screenshot above, server_tokens off; has # in the beginning which means the function is commented and not active, to make it active you need to remove the # and press ctrl + x to save the changes.
It should look like this.
Step 3 - Restart nginx
Once you have saved the changes on nginx.conf, you need to restart nginx server in order for these changes to take effect.
Type the following command to restart your server.
sudo systemctl restart nginx
If the above command doesn't work, you may try the older ones
sudo service nginx restart
or
sudo /etc/init.d/nginx restart
To confirm that function server_tokens off is active after restarting your server, you can check it with this command
curl -I your server IP/url
Conclusion
In this tutorial we explained step by step how to hide nginx version from leaking to public visitors on error or not configured correctly pages.
