To secure Nginx and disable server information leakage, you can follow these steps:
- Hide server version: By default, Nginx includes its version number in the Server response header. To hide this information, you need to modify the Nginx configuration file. Open the configuration file using a text editor, such as nano or vi, and add the following line in the http block:
server_tokens off;
Save the file and restart the Nginx service to apply the changes.
- Remove the "X-Powered-By" header: Responses served through Nginx can also include an "X-Powered-By" header that reveals the technology or scripting language being used. The proxy_hide_header directive acts on responses Nginx receives from a proxied backend. To remove this header, add the following line in the server block of the configuration file:
proxy_hide_header X-Powered-By;
Again, save the file and restart the Nginx service.
- Disable server signature: By default, Nginx includes a server signature in error pages that reveals the server software and version. This is controlled by the same server_tokens directive used in the first step. To disable this, make sure the following line is present in the http block of the configuration file:
server_tokens off;
Save the file and restart the Nginx service.
- Test the changes: After applying the above changes, verify that the server information leakage has actually been disabled. You can use online tools like SSL Labs or SecurityHeaders.com, or curl commands, to check the headers of your website.
Note: It is recommended to take a backup of your Nginx configuration file before making any changes, as any incorrect changes could cause errors in your web server's configuration.
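The checks from the test step, as an added example that is not part of the original page: a shell function that reads response headers (such as those printed by curl -sI) and flags a versioned Server header or an X-Powered-By header, plus a check for the version string in an error page body. The sample responses are constructed, and the function names and the example.test host are placeholders chosen here.

```shell
#!/bin/sh
# Added example. Live use (example.test is a placeholder host):
#   curl -sI https://example.test/ | check_leaks

# Reads raw response headers on stdin. Prints one line per finding and
# returns 1 if a leak is found, 0 if the headers are clean.
check_leaks() {
  tr -d '\r' | awk '
    {
      i = index($0, ":")
      if (i == 0) next                       # status line or blank line
      name = tolower(substr($0, 1, i - 1))   # header names are case-insensitive
      value = substr($0, i + 1)
      sub(/^[ \t]+/, "", value)
    }
    # With server_tokens off the value is "nginx" with no "/x.y.z" suffix.
    name == "server" && value ~ /\/[0-9]/ { print "LEAK server version: " value; bad = 1 }
    name == "x-powered-by"               { print "LEAK x-powered-by: " value; bad = 1 }
    END { exit bad + 0 }
  '
}

# Reads an error page body on stdin. The default Nginx error page footer
# shows "nginx/<version>" while server_tokens is on.
check_error_body() {
  if grep -Eq 'nginx/[0-9]'; then
    echo "LEAK version in error page"
    return 1
  fi
  return 0
}

# Constructed sample data (not captured from a real server).
sample_before() {
  printf 'HTTP/1.1 200 OK\r\nServer: nginx/1.24.0\r\nX-Powered-By: PHP/8.2.0\r\n\r\n'
}
sample_after() {
  printf 'HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: text/html\r\n\r\n'
}
error_before() { printf '<hr><center>nginx/1.24.0</center>\n'; }
error_after()  { printf '<hr><center>nginx</center>\n'; }

# Demo run over the constructed samples.
sample_before | check_leaks || true
sample_after | check_leaks && echo "headers clean"
```
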