Question:
I am running an app on the platform Ruby 2.2 (Passenger Standalone) and wish to hide the nginx version from the HTTP headers. I am not using Docker. Other Stack Overflow answers have recommended adding this to my .ebextensions:
00_nginx.conf:
|
1 2 3 4 5 6 7 8 9 |
files: "/etc/nginx/conf.d/proxy.conf": mode: "000644" content: | http { server_tokens off; passenger_show_version_in_header off; } |
However this does nothing. Should I be putting the file in a different spot?
Answer:
AWS Elastic Beanstalk with Ruby 2.2 + Passenger Standalone 1.4.3 doesn’t use (original) Nginx 1.6.2. It uses Passenger Standalone 1.4.3 server, which is modified version of Nginx 1.6.2.
So, if you want to modify the Nginx config, you must edit the Passenger Standalone config. The Passenger Standalone config is located at $(passenger-config about resourcesdir)/templates/standalone/config.erb.
You can use following .ebextensions:
00-passenger.config:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 |
files: "/home/ec2-user/hide_passenger_version.sh" : mode: "000777" owner: ec2-user group: ec2-user content: | #!/bin/bash CONFIG_FILE=$(/opt/rubies/ruby-2.2.2/bin/passenger-config about resourcesdir)/templates/standalone/config.erb if ! grep -q "server_tokens off;" $CONFIG_FILE; then sed -i '/http {/a\ server_tokens off;\ passenger_show_version_in_header off;' $CONFIG_FILE fi commands: 00-hide-passenger-version: command: sh /home/ec2-user/hide_passenger_version.sh cwd: /home/ec2-user |
The above config will check the Passanger config for server_tokens off;. If server_tokens off; isn’t set, we add server_tokens off; and passenger_show_version_in_header off; just below (append) http {.
Before:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 |
$ curl -I http://itmustbeasecret.elasticbeanstalk.com/hello HTTP/1.1 200 OK Content-Length: 12 Content-Type: text/html;charset=utf-8 Date: Sat, 25 Jul 2015 14:21:27 GMT Server: nginx/1.6.2 + Phusion Passenger 4.0.59 Status: 200 OK X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-Powered-By: Phusion Passenger 4.0.59 X-XSS-Protection: 1; mode=block Connection: keep-alive |
After:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 |
$ curl -I http://itmustbeasecret.elasticbeanstalk.com/hello HTTP/1.1 200 OK Content-Length: 12 Content-Type: text/html;charset=utf-8 Date: Sat, 25 Jul 2015 14:03:23 GMT Server: nginx + Phusion Passenger Status: 200 OK X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-Powered-By: Phusion Passenger X-XSS-Protection: 1; mode=block Connection: keep-alive |
NOTE: The above config only affect if the Passenger is (re)-started. So, you need to terminate your current instance.