If you need to fix "web server internal IP address/internal network name disclosure vulnerability" for Nginx please check these steps and configuration examples. Also, I added how to check if you fixed the vulnerability or not.
Step 1: How to check If your server is affected?
#openssl s_client -connect <IP_ADDRESS>:<PORT> -quiet
When you run the command which added below it will wait for input to send an HTTP request to the server. Type this one and press enter.
GET /images HTTP/1.0
Then you will get some outputs like these. First thing that you need to check is Location. Because if your server is affected then you will see server IP or Hostname.
HTTP/1.1 301 Moved Permanently
Server: nginx/1.12.2
Date: Mon, 09 Apr 2018 12:53:09 GMT
Content-Type: text/html
Content-Length: 185
Location: https://12.12.120.12:9443/images/
Connection: keep-alive
Step 2: How to Fix Web Server Internal IP Address/Internal Network Name Disclosure Vulnerability
Please check this Link for more detail information about the Nginx configuration. The first attribute which we need to set is server_name. But only the server name is not enough for this type of vulnerability. Also, you need to enable server_name redirection for the Nginx server. The default option is off. So if you don't change this one there is no mean to set server_name. Please check the Link .
server_name casesup.com
server_name_in_redirect on
"Enables or disables the use of the primary server name, specified by the server_name directive, in absolute redirects issued by Nginx. When the use of the primary server name is disabled, the name from the “Host” request-header field is used. If this field is not present, the IP address of the server is used."