Hide headers on Passenger / Nginx server

Question

Hide headers on Passenger / Nginx server

I am trying to hide these headers for a production server, but to no avail:

 X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.7
 X-Runtime: 0.021429
 Server: nginx/1.0.0 + Phusion Passenger 3.0.7 (mod_rails/mod_rack)

Using:

- Rails 3.0.9
- Passenger 3.0.7
- Nginx 1.0.0

Any ideas?

+5

ruby-on-rails ruby-on-rails-3 nginx passenger

Hartator Jun 28 '11 at 16:29

source share

2 answers

It is possible to hide passenger headers, but they require a specific configuration. Something like this should work:

The outside world has encountered a part:

upstream x {
  server your-server:8040;
}

server {
  server_name your-domain;

  # ... 
  location / {
    # ...
    proxy_hide_header X-Powered-By;
    proxy_hide_header X-Runtime;

    proxy_pass http://x;
  }
}

Passenger powered website:

server {
  server_name local-site;
  listen 8040 default_server;

  location / {
    passenger_enabled on;
    # regular site configuration
  }
}

local-site nginx your-domain, , , .

0

valodzka 07 . '13 21:23

Alexd · Accepted Answer · 2011-07-18T05:12:32+0000

To remove the nginx header Server:, you can use the directive server_tokens off.

For other headers, try using the Headers More nginx module:

more_set_headers 'Server: anon'; # replace the default 'nginx + Passenger'
more_set_headers 'X-Powered-By'; # clear header entirely

Hide headers on Passenger / Nginx server

More articles: