Hide nginx version information:
Edit /usr/local/nginx/conf/nginx.conf and add the following inside the http block:
Edit /usr/local/nginx/conf/fastcgi_params:
fastcgi_param SERVER_SOFTWARE ChaoOS;
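Hide PHP version information:
Edit /usr/local/php/etc/php.ini:
Hide the server information:
This requires editing the nginx source code (not the nginx installation directory) and then recompiling nginx.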
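To check whether the changes above took effect, the response headers can be audited for leftover version strings. The following is an added example, not part of the original page: it assumes nginx and PHP announce themselves in the Server and X-Powered-By headers, and the sample responses and version numbers are constructed.

```python
import re

# Headers in which nginx and PHP normally announce themselves (assumed scope).
WATCHED = ("server", "x-powered-by")
# A dotted number such as 1.24.0 is treated as a disclosed version.
VERSION_RE = re.compile(r"\d+(?:\.\d+)+")

def parse_headers(raw):
    """Return (lower-cased name, value) pairs from a raw HTTP response head."""
    headers = []
    for line in raw.splitlines()[1:]:      # skip the status line
        if not line.strip():               # blank line ends the header block
            break
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip().lower(), value.strip()))
    return headers

def audit(raw):
    """Classify each watched header as leaking a 'version' or only a 'product'."""
    findings = []
    for name, value in parse_headers(raw):
        if name in WATCHED:
            level = "version" if VERSION_RE.search(value) else "product"
            findings.append((name, level, value))
    return findings

# Constructed sample responses (not captured from a real server).
BEFORE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: nginx/1.24.0\r\n"
    "Content-Type: text/html\r\n"
    "X-Powered-By: PHP/8.2.10\r\n"
    "\r\n"
)
AFTER = (
    "HTTP/1.1 200 OK\r\n"
    "Server: nginx\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
)

if __name__ == "__main__":
    for label, raw in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(raw))
```

A "product" finding for Server is the expected result when only the version is hidden, because the header itself is still sent.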
There are many hidden ways servers perform by accident via their implementation which may help identify the system, e.g. how it responds to a bad SSL request. I don’t see a practical way of preventing this.
Look at nmap’s OS detection for instance – this looks at the target host’s responses to IP/TCP requests and is able to determine the OS that way. It’s really not worth putting effort into this.
Better to secure your server as best as you can rather than relying on security through obscurity.
Server tokens only turn off the version number. Nginx does not allow for completely removing the header.
Of course security through obscurity does nothing for your security itself but it sure as hell will at least protect against the most mundane, simplistic attack vectors – security through obscurity is a necessary step, it may be the first one and should never be the last security measurement – skipping it completely is a very bad mistake, even the most secure webservers can be cracked if a version-specific attack vector is known.