Resolved How to disable Nginx server signature?

[raytracy]

I have turned the server_tokens off that disabled nginx version, but still disclosure the server signature:

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 24 Nov 2016 11:54:25 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive

It seems the only way to disable it is re-compile from source, but that will break the yum update capability.
Is there any way to disable or overwrite the default signature and still can be update from yum repository in future?

 

[UFHH01]

Hi raytracy,

the setting "server_tokens off;" in your "nginx.conf" only prevents the reply of the VERSION NUMBER, but does not prevent the reply of the webserver - name itself.

Quoted from the official NGINX documents:

Enables or disables emitting nginx version in error messages and in the “Server” response header field.

If you would like to achieve the complete reply-prevention ( for whatever reason ), you have to compile NGINX with for example the module => "headers_more", where you are then able to use for example:

more_set_headers 'Server: NONE-OF-YOUR-BUISINESS';

or you may clear the COMPLETE reply with

more_clear_headers 'Server';

It seems the only way to disable it is re-compile from source, but that will break the yum update capability.

Correct.

Is there any way to disable or overwrite the default signature and still can be update from yum repository in future?

There are only the above described methods.