Oct 13, 2019 - 2 MIN READ
Hide your NGINX header on Ubuntu

How to turn off or mask the NGINX server header on Ubuntu to keep the server details private.

Roslan Saidi

Did you know you can hide your web server header?
So what’s the purpose of this approach?

I believe this is one of the best security practices — it helps obscure what web server you’re using, making it slightly harder for attackers to fingerprint your setup.


Step 1 — Upgrade NGINX to the Latest Stable

To start, install the necessary dependencies and select the latest stable version of NGINX by setting a shell variable:

sudo apt install software-properties-common
nginx=stable

Add NGINX Repository

Now, add the official NGINX PPA repository, in the same shell session so that $nginx is still set:

sudo add-apt-repository -y ppa:nginx/$nginx

Update the Package Lists

Next, update your system package lists and upgrade your packages:

sudo apt update
sudo apt dist-upgrade

Check NGINX Version

Verify that NGINX was installed or upgraded successfully:

nginx -v

Install nginx-extras

The nginx-extras package provides additional modules, including the one required for custom headers.

sudo apt install nginx-extras

Edit the NGINX Configuration File

Open your main NGINX configuration file in your preferred editor:

sudo vim /etc/nginx/nginx.conf

Add Modules and Custom Headers

Add the following module at the top of your configuration file (outside of any block):

load_module modules/ngx_http_headers_more_filter_module.so;

Then, inside the existing http block (do not create a second one), add the more_set_headers line shown below to customize your server header:

http {
  more_set_headers "Server: Your Server";
}

You can replace "Your Server" with any label you prefer (or even an empty string if you want it completely blank).


Test and Restart NGINX

Before restarting, always test your configuration to ensure there are no syntax errors:

sudo nginx -t

If everything is OK, restart NGINX:

sudo service nginx restart

Done!

That’s it!
You’ve successfully hidden or customized your NGINX server header.

This is a small but valuable hardening step for your web server’s security posture.
While it won’t make your server bulletproof, it helps minimize unnecessary information exposure — a fundamental part of defense in depth.


Bonus Tip

To verify your change, run:

curl -I https://yourdomain.com

You should now see:

Server: Your Server

instead of the default NGINX version header.
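
The check above can be scripted so that it also catches lowercase header names (curl prints `server:` for HTTP/2 responses) and CRLF line endings, which a plain `grep Server:` misses. This is an added example, not part of the original article; the function names and the sample responses (including the version string) are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the Server header found in raw response headers
# read from stdin, such as the output of `curl -sI`.
classify_server_header() {
  # Strip CR (HTTP lines end in CRLF), match the header name in any case
  # (HTTP/2 responses show "server:"), and report the most revealing value
  # when several responses are concatenated (e.g. a 404 and a 200).
  tr -d '\r' | awk '
    BEGIN { rank = 0; out = "absent" }
    tolower($0) ~ /^server:/ {
      value = $0
      sub(/^[^:]*:[ \t]*/, "", value)   # drop the header name
      sub(/[ \t]+$/, "", value)         # drop trailing whitespace
      v = tolower(value)
      if (v ~ /nginx\/[0-9]/) { r = 4; s = "version-disclosed" }
      else if (v ~ /nginx/)   { r = 3; s = "product-disclosed" }
      else if (value != "")   { r = 2; s = "masked" }
      else                    { r = 1; s = "empty" }
      if (r > rank) { rank = r; out = s }
    }
    END { print out }
  '
}

# Live use (needs network access): check_url https://yourdomain.com
check_url() { curl -sI "$1" | classify_server_header; }

# Constructed sample responses, so the example runs offline.
sample_default() { printf 'HTTP/1.1 200 OK\r\nServer: nginx/1.18.0 (Ubuntu)\r\n\r\n'; }
sample_http2()   { printf 'HTTP/2 200\r\nserver: nginx\r\n\r\n'; }
sample_masked()  { printf 'HTTP/1.1 404 Not Found\r\nServer: Your Server\r\n\r\n'; }
sample_cleared() { printf 'HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n'; }

for s in sample_default sample_http2 sample_masked sample_cleared; do
  printf '%s: %s\n' "$s" "$("$s" | classify_server_header)"
done
```

Run `check_url` against both a normal page and a non-existent path, so the header is checked on error responses as well as successful ones.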


© 2024 Roslan Saidi