Hey Alex, what happens if you replace both the reverse proxy lines with a single respond Hello line - does the header still appear?
(Also, just FYI, hiding the server header doesn’t really grant you any improvements to security. It’s still often trivial to figure out which server is running with other methods. It only makes it harder for us to know how widely the project is being used, which makes it harder for us to know how to better improve it.)
Okay, since the Server header doesn’t exist with this configuration, it is the backend servers that is setting that header.
Hmmm, it’s unclear to me whether this is correct behavior or not. Should the header directive change the headers sent from an upstream server? (The reverse_proxy directive has the header_down subdirective to deal with that, for now.)
I know you’ll probably say “Yes” since you obviously expected it to work, but I am still wondering if this would be the correct behavior or not.