Welcome! Log In Create A New Profile

Advanced

server_tokens=off not respected in when nginx started with -g daemon off;

Posted by corrigac 
server_tokens=off not respected in when nginx started with -g daemon off;
February 10, 2021 05:54AM
I've deployed an nginx docker container, starting with '-g daemon off;' , and with 'server_tokens off;' sprinkled throughout the config, but am still seeing Server:nginx in the response headers.

Does anyone know if this is a feature of running in non daemon mode ?

nginx version from docker nginx:1.19-alpine
nginx.conf: ------
user nginx;
worker_processes auto;

error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;

events {
worker_connections 768;
}


http {
include /etc/nginx/mime.types;
default_type application/octet-stream;

log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';

access_log /var/log/nginx/access.log main;

sendfile off;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;

gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
include /etc/nginx/conf.d/*.conf;
server_tokens off;
add_header X-Frame-Options "SAMEORIGIN";
add_header Strict-Transport-Secirity "max-age=31536000; inclideSubDomains; preload";
add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'" always;
add_header X-XSS-Protection "1; mode=block";
add_header Server "";
}
------
Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 78
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready