// Tutorial //

How To Customize Your Nginx Server Name After Compiling From Source In CentOS

Published on February 11, 2014
Default avatar
By Sairam Kunala
Developer and author at DigitalOcean.
How To Customize Your Nginx Server Name After Compiling From Source In CentOS

Introduction


As a follow up to the article on how to compile nginx from source, this tutorial helps you customize the name of the server on your host. Usually, companies modify the server names for security reasons. If a vulnerability is found in a particular version of the webserver, hackers can replicate it to exploit the behaviour.

Customizing the name of your nginx server requires modifying source code (this tutorial will guide you step by step) and requires re-compilation from the previous article.

Finding your server’s version


curl -I http://example.com/

HTTP/1.1 200 OK
Server: nginx/1.5.6 # <-- this is the version of nginx you currently use
Date: Thu, 17 Nov 2013 20:40:18 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Thu, 17 Nov 2013 20:37:02 GMT
Connection: keep-alive
ETag: "51f18c6e-264"
Accept-Ranges: bytes

Change the Nginx Server Strings


Go back to the nginx source directory from the last tutorial. You should look at the previous tutorial on compiling from source after the “Downloading the source code” section.

cd ~/src/nginx/
vi +49 src/http/ngx_http_header_filter_module.c

Find the lines:

static char ngx_http_server_string[] = "Server: nginx" CRLF;
static char ngx_http_server_full_string[] = "Server: " NGINX_VER CRLF;

and modify to:

static char ngx_http_server_string[] = "Server: the-ocean" CRLF;
static char ngx_http_server_full_string[] = "Server: the-ocean" CRLF;

Recompile Nginx with New Options


You need to follow this guide to look at the configure options or search from your command line history:

./configure ... 
make
make install

Stop Displaying Server Version in Configuration


vi +19 /etc/nginx/nginx.conf

Add the line under http configuration. Repeat for https if you have the section

http {
...
server_tokens off;
....

Restart the Nginx Service


We need to restart nginx since the nginx file has changed:

service nginx restart

Verify the Results


Let’s verify if we see the server information now:

curl -I http://example.com/

HTTP/1.1 200 OK
Server: the-ocean
Date: Thu, 17 Nov 2013 20:50:17 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Thu, 17 Nov 2013 20:37:02 GMT
Connection: keep-alive
ETag: "51f18c6e-264"
Accept-Ranges: bytes

<div class=“author”><a href=“http://sair.am/”>By Sairam Kunala</a></div>


Want to learn more? Join the DigitalOcean Community!

Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in our Questions & Answers section, find tutorials and tools that will help you grow as a developer and scale your project or business, and subscribe to topics of interest.

Sign up
About the authors
Default avatar
Developer and author at DigitalOcean.

Still looking for an answer?

Was this helpful?

Hi…

This a nice trick, btw you also could modify the Nginx server name without hard-coded change the source file by using Headers more module.

Then, you enable it through nginx.conf file such as below

more_set_headers "Server: LEMPer";

I use this method for my LEMPer stack (https://github.com/joglomedia/LEMPer)

Regards

If you want to remove or edit the nginx server string without compiling and you installed nginx using apt-get in Debian or Ubuntu (It might apply to CentOs too), you can install the package nginx-extras to set or clear “Server” header. Once this is done, you can add the lines below in nginx.conf (usually /etc/nginx/nginx.conf):

To clear the “Server” header altogether:

more_clear_headers Server; 

To Set a custom string as “Server”

more_set_headers 'Server: some-string-here';

REFERENCE: http://serverfault.com/a/766634/108103

Hello, How i can change name server nginx-xxxx to other name after installed nginx in centos server ?

I did try this but it did not work!

@Kamal Nasser: Cool! Thanx!

Ok. curl say custom name of server. But how I can modify info in server token, e.g. on error pages?

Dammit, how do I edit? I didn’t meant to post just that - anyway, what I was trying to say was that I’d come here to post exactly what JP said… great Jonathans think alike!

Also, as found on StackOverflow…

"f you are using nginx to proxy a back-end application and want the back-end to advertise its own Server: header without nginx overwriting it, then you can go inside of your server {…} stanza and set:

proxy_pass_header Server; That will convince nginx to leave that header alone and not rewrite the value set by the back-end."

And if you ARE going to be compiling, you might as well compile in the HttpHeadersMoreModule http://wiki.nginx.org/HttpHeadersMoreModule.

Personally, I prefer the idea of leaving in the Nginx identifier and removing the version. No special compiling needed, and it lets people know how fast this great webserver/proxy/everything is growing.

If you can’t or don’t want to re-compile nginx but still want to obscure the version number for security reasons then you can specify in your nginx .conf whether to include the version number in errors and the header responses, see http://wiki.nginx.org/HttpCoreModule#server_tokens and http://www.nginxtips.com/how-to-hide-nginx-version/