Fully block Server header

ansible/galaxy-requirements.yml

@@ -2,6 +2,7 @@ collections:
   - ansible.posix
   - community.general
   - community.docker
+  - kewlfft.aur
   - name: https://github.com/prometheus-community/ansible
     type: git
 

ansible/roles/nginx/files/nginx.conf

@@ -2,6 +2,8 @@ worker_processes  auto;
 
 error_log  /var/log/nginx/error.log;
 
+load_module /usr/lib/nginx/modules/ngx_http_headers_more_filter_module.so;
+
 pcre_jit on;
 
 events {
@@ -13,6 +15,7 @@ http {
     default_type  application/octet-stream;
 
     server_tokens off;
+    more_clear_headers "Server";
 
     types_hash_max_size 2048;
     types_hash_bucket_size 128;

ansible/roles/nginx/tasks/main.yml

@@ -10,6 +10,18 @@
   when: ansible_os_family == 'Archlinux'
   become: true
 
+- name: Install nginx-mod-http-headers-more
+  package:
+    name: libnginx-mod-http-headers-more-filter
+  when: ansible_os_family != 'Archlinux'
+  become: true
+
+- name: Install nginx-mod-http-headers-more on Arch
+  kewlfft.aur.aur:
+    name: nginx-mainline-mod-headers-more
+  when: ansible_os_family == 'Archlinux'
+  become: true
+
 - name: Create config directories
   file:
     path: /etc/nginx/{{ item }}