There's an option to hide the version so it will display only nginx, but is there a way to hide that too so it will not show anything or change the header?
If you are using nginx to proxy a back-end application and want the back-end to advertise its own Server: header without nginx overwriting it, then you can go inside of your server {…} stanza and set:
proxy_pass_header Server;
That will convince nginx to leave that header alone and not rewrite the value set by the back-end.
The last update was a while ago, so here is what worked for me on Ubuntu:
sudo apt-get update
sudo apt-get install nginx-extras
Then add the following two lines to the http section of nginx.conf, which is usually located at /etc/nginx/nginx.conf:
sudo nano /etc/nginx/nginx.conf
server_tokens off; # removed pound sign
more_set_headers 'Server: Eff_You_Script_Kiddies!';
Also, don't forget to restart nginx with sudo service nginx restart.
Like Apache, this is a quick edit to the source and recompile. From Calomel.org:
The Server: string is the header which
is sent back to the client to tell
them what type of http server you are
running and possibly what version.
This string is used by places like
Alexia and Netcraft to collect
statistics about how many and of what
type of web server are live on the
Internet. To support the author and
statistics for Nginx we recommend
keeping this string as is. But, for
security you may not want people to
know what you are running and you can
change this in the source code. Edit
the source file
src/http/ngx_http_header_filter_module.c
at look at lines 48 and 49. You can
change the String to anything you
want.
## vi src/http/ngx_http_header_filter_module.c (lines 48 and 49)
static char ngx_http_server_string[] = "Server: MyDomain.com" CRLF;
static char ngx_http_server_full_string[] = "Server: MyDomain.com" CRLF;
March 2011 edit: Props to Flavius below for pointing out a new option, replacing Nginx's standard HttpHeadersModule with the forked HttpHeadersMoreModule. Recompiling the standard module is still the quick fix, and makes sense if you want to use the standard module and won't be changing the server string often. But if you want more than that, the HttpHeadersMoreModule is a strong project and lets you do all sorts of runtime black magic with your HTTP headers.
It’s very simple: Add these lines to server section:
server_tokens off;
more_set_headers 'Server: My Very Own Server';
Simple, edit /etc/nginx/nginx.conf and remove comment from
#server_tokens off;
Search for http section.
Install Nginx Extras
sudo apt-get update
sudo apt-get install nginx-extras
Server details can be removed from response by adding following two lines in the nginx.conf (under http section)
more_clear_headers Server;
server_tokens off;
There is a special module: http://wiki.nginx.org/NginxHttpHeadersMoreModule
This module allows you to add, set, or clear any output or input header that you specify.
This is an enhanced version of the standard headers module because it provides more utilities like resetting or clearing "builtin headers" like Content-Type, Content-Length, and Server.
It also allows you to specify an optional HTTP status code criteria using the -s option and an optional content type criteria using the -t option while modifying the output headers with the more_set_headers and more_clear_headers directives...
If you're okay with just changing the header to another string five letters or fewer, you can simply patch the binary.
sed -i 's/nginx\r/thing\r/' `which nginx`
Which, as a solution, has a few notable advantages. Namely, that you can allow your nginx versioning to be handled by the package manager (so, no compiling from source) even if nginx-extras isn't available for your distro, and you don't need to worry about any of the additional code of something like nginx-extras being vulnerable.
Of course, you'll also want to set the option server_tokens off, to hide the version number, or patch that format string as well.
I say "five letters or fewer" because of course you can always replace:
nginx\r\0
with
bob\r\0\r\0
leaving the last two bytes unchanged.
If you actually want more than five characters, you'll want to leave server_tokens on, and replace the (slightly longer) format string, although again there's an upper limit on that length imposed by the length of the format string - 1 (for the carriage return).
...If none of the above makes sense to you, or you've never patched a binary before, you may want to stay away from this approach, though.
According to nginx documentation it supports custom values or even the exclusion:
Syntax: server_tokens on | off | build | string;
but sadly only with a commercial subscription:
Additionally, as part of our commercial subscription, starting from
version 1.9.13 the signature on error pages and the “Server” response
header field value can be set explicitly using the string with
variables. An empty string disables the emission of the “Server”
field.
After I read Parthian Shot's answer, I dig into /usr/sbin/nginx binary file. Then I found out that the file contains these three lines.
Server: nginx/1.12.2
Server: nginx/1.12.2
Server: nginx
Basically first two of them are meant for server_tokens on; directive (Server version included).
Then I change the search criteria to match those lines within the binary file.
sed -i 's/Server: nginx/Server: thing/' `which nginx`
After I dig farther I found out that the error message produced by nginx is also included in this file.
<hr><center>nginx</center>
There are three of them, one without the version, two of them included the version. So I run the following command to replace nginx string within the error message.
sed -i 's/center>nginx/center>thing/' `which nginx`
The only way is to modify the file src/http/ngx_http_header_filter_module.c . I changed nginx on line 48 to a different string.
What you can do in the nginx config file is to set server_tokens to off. This will prevent nginx from printing the version number.
To check things out, try curl -I http://vurbu.com/ | grep Server
It should return
Server: Hai
I know the post is kinda old, but I have found a solution easy that works on Debian based distribution without compiling nginx from source.
First install nginx-extras package
sudo apt install nginx-extras
Then load the nginx http headers more module by editing nginx.conf and adding the following line inside the server block
load_module modules/ngx_http_headers_more_filter_module.so;
Once it's done you'll have access to both more_set_headers and more_clear_headers directives.
Expanding on Parthian Shot's answer, you can actually replace the whole header and not only the value as long as the total length is the same:
sed -i 's/Server: nginx/My-Header: hi/' `which nginx`
Nginx-extra package is deprecated now.
The following therefore did now work for me as i tried installing various packages
more_set_headers 'Server: My Very Own Server';
You can just do the following and no server or version information will be sent back
server_tokens '';
if you just want to remove the version number this works
server_tokens off;
Are you asking about the Server header value in the response? You can try changing that with an add_header directive, but I'm not sure if it'll work. http://wiki.codemongers.com/NginxHttpHeadersModule
Wondering if anyone knows how to install with tcp enabled? Something like below? I
yum install docker --tcp-enabled --host 0.0.0.0
I understand I can go and manual change OPTIONS in /etc/sysconfig/docker.
I am trying to provision a server with a fresh docker install through scripts and I do not want to log onto the box and make these changes, everytime a new version comes out. I also understand I can just use a script with sed/awk to do this, But just wondering if easier way, without having to maintain a script.
My preferred solution is to use /etc/docker/daemon.json. This will let you add options to just about any install.
Note that I don't believe this will unset options that were defined on the command line, it's designed to let you use both. Those command line options are defined by your startup script, which from your description is systemd on a RedHat/CentOS environment with /etc/sysconfig/docker injected environment variables (you won't see this on other platforms like Debian). So if you need to remove an option, you'll still need to update your /etc/sysconfig/docker.
I need to add a separate login page before Swagger UI for authentication from another server. From this request I will get a key which I have to add in the header of every req from swagger UI.
I'm using a node server and swagger-tool with swagger 2.0.
If you're using nginx you could add basic HTTP Authentication. Then anytime anyone goes to your docs url or sub-domain they'll get a pop-up user/password dialog before being able to access swagger-ui.
Full instructions for creating your user/password combinations (assuming Ubuntu):
sudo apt-get install apache2-utils
sudo htpasswd -c /etc/nginx/.htpasswd exampleuser
The tool will prompt you for a password.
Then update your nginx file to have something like this for the docs route:
location /docs {
auth_basic "Restricted Content";
auth_basic_user_file /etc/nginx/.htpasswd;
proxy_pass http://0.0.0.0:3000;
}
Then reload nginx:
sudo /etc/init.d/nginx reload
I have a rails application that I set to use a proxy so that I could update gems in my school's LAN.
However now that I'm not using the school's network, when I do
bundle install
I get this error
Unfortunately, a fatal error has occurred. Please see the Bundler
troubleshooting documentation at http://bit.ly/bundler-issues. Thanks!
/home/me/.rvm/rubies/ruby-2.1.1/lib/ruby/2.1.0/uri/generic.rb:214:in `initialize': the scheme http does not accept registry part: cavs#students:cavsuon#proxy.uonbi.ac.ke:80 (or bad hostname?) (URI::InvalidURIError)
When I also do
gem update bundler
or
gem update --system
I get this error
ERROR: While executing gem ... (URI::InvalidURIError)
the scheme https does not accept registry part: cavs#students:cavsuon#proxy.uonbi.ac.ke:80 (or bad hostname?
I cannot recall how I set up my app to use proxy but even when I did it has never worked so I thought that it was never using a proxy in the first place.
How can I unset this proxy configuration and set it again if I'm on my school's network
Upon doing
echo $http_proxy
as suggested, I get
http://cavs#students:cavsuon#proxy.uonbi.ac.ke:80
How do I unset $http_proxy
By default it may be picking up the http_proxy environment variable.
Try running
echo $http_proxy
on the command line to see what it gives back to you. You can set that value using
export http_proxy=http://user:password#host:port
If that doesn't work, also see what HTTP_PROXY is set to.
You can unset a variable temporarily by using unset http_proxy. If it is something you need to change more permanently (i.e. it is there every time you open a terminal) you will need to check the various hidden files in your home directory (i.e. .profile or .bashrc) to find and remove it.
I had similar problem which turned out to be the problem in Ruby itself:
The problem is related to the uri component of Ruby itself, which
tries to match the userinfo part of the URI
So, in your case, according to this regexp doesn't accept # character and you should modify your /usr/lib/ruby/1.8/uri/common.rb:
-ret[:USERINFO] = userinfo = "(?:[#{unreserved};:&=+$,]|#{escaped})*"
+ret[:USERINFO] = userinfo = "(?:[#{unreserved};:&=+$,#]|#{escaped})*"
run export http_proxy=http://x.x.x.x:8080 on the command line and then check if that has changed using echo $http_proxy. This worked for me on 12/18/2018
I just upgraded my nginx from 1.4.2 (/usr/local) to 1.4.7 (yum) on AWS EC2. I now have a pair of errors occuring on the client side:
GET https://subdomain.mysite.com/assets/application.css net::ERR_CONTENT_LENGTH_MISMATCH
GET https://subdomain.mysite.com/assets/application.js net::ERR_CONTENT_LENGTH_MISMATCH
I am at a loss for this and google has not been much help. Any ideas on where to start? All help appreciated. Could the switch from a manual install to a yum install be the issue?
I can confirm answer 1 addresses the underlying problem (I'm a new SE user so I can't upvote it yet). Here is more detail for search engines:
From /var/log/nginx/error.log
2014/04/30 08:07:48 [crit] 35135#0: *116437 open() "/var/lib/nginx/proxy/7/09/0000001097" failed (13: Permission denied) while reading upstream
In my case this happened because I recently changed the user under which nginx runs (the default nginx config uses www-data in /etc/nginx/nginx.conf).
My solution was to chown -R correct_user:root /var/lib/nginx/proxy. I imagine I could also have rm -rf'd the existing /var/lib/nginx/proxy subdirectories with the expectation that nginx would recreate them using the correct_user as owner.
eric-francis thanks for figuring this out! This easily saved me a day of hunting.
tail -f /usr/local/var/log/nginx/error.log
You may see something like:
"/usr/local/var/run/nginx/proxy_temp/9/04/0000000049" failed (13:
Permission denied) while reading upstream
Heres how I fixed:
sudo nginx -s stop
sudo rm -rf /usr/local/var/run/nginx/*
Ok, so this can be fixed in a couple of ways. The thing to do is check your log file.
Mine was located at /usr/share/nginx/log/error-appname.log
Tail the log and you will find that user defined in your config file (mine is at /etc/nginx/nginx.conf) most likely does not have permissions to something. I use user nobody.
For one app I had to give u+rx (nginx needs executable) to my application user's home folder all the way to my application's public assets directory.
On another server, nobody was not able to write to nginx's /var/lib/nginx/tmp/proxy folder. So I had to chown nobody /var/lib/nginx down to the /proxy folder nobody was trying to write to.