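In a production environment, the Nginx version number should be hidden so that it does not reveal which known vulnerabilities the server may be exposed to.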
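How to check the version
Use the fiddler tool on a Windows client to view the Nginx version number.
On a CentOS system, use the "curl -I <URL>" command to view the Nginx version number.
Set the value of the server_tokens option in the Nginx configuration file to off:
[root@www conf]# vi nginx.conf
.....
server_tokens off;    # turn off the version number
.....
[root@www conf]# nginx -t
Check with the curl -I command:
[root@www conf]# service nginx restart
[root@www conf]# curl -I http://192.168.9.209/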
HTTP/1.1 200 OK
Server: nginx
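The php configuration file sets the fastcgi_param SERVER_SOFTWARE option.
In the php-fpm configuration file, change the value that corresponds to fastcgi_param SERVER_SOFTWARE to:
fastcgi_param SERVER_SOFTWARE nginx;
[root@localhost nginx]# curl -I http://192.168.144.133/    # check the version number with this command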
HTTP/1.1 200 OK
Server: nginx/1.12.2    # the version number is shown
Date: Thu, 14 Nov 2019 06:52:14 GMT
Content-Type: text/html
Content-Length: 634
Last-Modified: Thu, 14 Nov 2019 06:24:32 GMT
Connection: keep-alive
ETag: "5dccf320-27a"
Accept-Ranges: bytes
[root@localhost nginx]# vim conf/nginx.conf    # open the configuration file for editing
... # some content omitted ...
http {
    include mime.types;
    default_type application/octet-stream;
    server_tokens off;    # add this entry to turn off the version number
... # some content omitted ...
:wq
[root@localhost nginx]# systemctl restart nginx.service
[root@localhost nginx]# curl -I http://192.168.144.133
HTTP/1.1 200 OK
Server: nginx    # the version number is hidden
Date: Thu, 14 Nov 2019 06:56:51 GMT
Content-Type: text/html
Content-Length: 634
Last-Modified: Thu, 14 Nov 2019 06:24:32 GMT
Connection: keep-alive
ETag: "5dccf320-27a"
Accept-Ranges: bytes
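The curl check above can be scripted. This is an added example, not part of the original page: check_response and check_config are hypothetical helper names and the sample response is constructed from the output shown above. It goes a little beyond the Server header by also looking at the footer of nginx's built-in error pages and at the stock fastcgi_param SERVER_SOFTWARE nginx/$nginx_version line.

```shell
# Added example (not from the original page); sample inputs are constructed.

# check_response: read a raw HTTP response (headers, then optional body) on
# stdin, print each place the nginx version shows, return 1 if any was found.
check_response() {
    awk '
        { sub(/\r$/, "") }                      # curl output uses CRLF
        !body && $0 == "" { body = 1; next }    # blank line ends the headers
        !body && tolower($0) ~ /^server:.*\/[0-9]/ {
            print "Server header: " $0; bad = 1
        }
        # The built-in error pages carry the same token in their footer.
        body && $0 ~ /<center>nginx\/[0-9]/ {
            print "error page footer: " $0; bad = 1
        }
        END { exit bad + 0 }
    '
}

# check_config FILE...: report directives that put the version back into
# responses or into the SERVER_SOFTWARE value handed to PHP.
check_config() {
    awk '
        { line = $0; sub(/#.*/, ""); gsub(/;/, " ") }
        $1 == "server_tokens" { seen = 1 }
        $1 == "server_tokens" && $2 != "off" {
            print FILENAME ":" FNR ": " line; bad = 1
        }
        $1 == "fastcgi_param" && $2 == "SERVER_SOFTWARE" && /\$nginx_version/ {
            print FILENAME ":" FNR ": " line; bad = 1
        }
        END {
            if (!seen) { print "server_tokens is not set (default: on)"; bad = 1 }
            exit bad + 0
        }
    ' "$@"
}

# Constructed sample: the response the page shows before the change.
printf 'HTTP/1.1 200 OK\r\nServer: nginx/1.12.2\r\n\r\n' | check_response ||
    echo "=> version disclosed"
```

Feed it live data with `curl -si http://<host>/ | check_response` and `check_config conf/nginx.conf conf/fastcgi_params`, adjusting the paths to the installation.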
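The Nginx source file /usr/src/nginx-1.12.0/src/core/nginx.h contains the version information. It can be set to anything; recompile and reinstall to hide the real version information.
Example:
#define NGINX_VERSION "1.1.1"    //change the version number to 1.1.1
#define NGINX_VER "IIS/"    //change the software type to IIS
Check with the curl -I command:
[root@localhost ~]# vim /usr/local/nginx/conf/nginx.conf    # edit the nginx configuration file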
... # some content omitted ...
http {
    include mime.types;
    default_type application/octet-stream;
    server_tokens on;    # turn the version display that was hidden above back on
... # some content omitted ...
:wq
[root@localhost ~]# cd /opt/nginx-1.12.2/src/core/    # go to the unpacked source tree to change the version information
[root@localhost core]# vim nginx.h
#define nginx_version 1012002
#define NGINX_VERSION "1.1.1"    //change the version number
#define NGINX_VER "nginx/" NGINX_VERSION
:wq
[root@localhost core]# cd /opt/nginx-1.12.2/
[root@localhost nginx-1.12.2]# ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_stub_status_module    # reconfigure nginx
checking for OS
+ Linux 3.10.0-693.el7.x86_64 x86_64
checking for C compiler ... found
+ using GNU C compiler
+ gcc version: 4.8.5 20150623 (Red Hat 4.8.5-39) (GCC)
... # some content omitted ...
nginx http fastcgi temporary files: "fastcgi_temp"
nginx http uwsgi temporary files: "uwsgi_temp"
nginx http scgi temporary files: "scgi_temp"
[root@localhost nginx-1.12.2]# make && make install    # rebuild and reinstall nginx
[root@localhost nginx-1.12.2]# systemctl restart nginx.service    # restart the nginx service
[root@localhost nginx-1.12.2]# curl -I http://192.168.144.133    # check the version number
HTTP/1.1 200 OK
Server: nginx/1.1.1    # the version number has changed
Date: Thu, 14 Nov 2019 07:11:08 GMT
Content-Type: text/html
Content-Length: 634
Last-Modified: Thu, 14 Nov 2019 06:24:32 GMT
Connection: keep-alive
ETag: "5dccf320-27a"
Accept-Ranges: bytes
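The Nginx runtime processes need a user and a group so that access control applies when they read the site's files.
Nginx uses the nobody user account and group account by default, which should generally be changed.
Create a user account and a group account, for example nginx.
Use --user and --group to specify the user and group account that the Nginx service runs as.
Use the user option of nginx to specify the user account.
Restart the nginx service so that the configuration takes effect.
Use the ps aux command to view the nginx process information and verify that the running user account has changed.
[root@www conf]# vi nginx.conf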
user nginx nginx;
[root@www conf]# service nginx restart
[root@www conf]# ps aux | grep nginx
root 130034 0.0 0.0 20220 620 ? Ss 19:41 0:00 nginx: master process /usr/local/sbin/nginx
nginx 130035 0.0 0.0 20664 1512 ? S 19:41 0:00 nginx: worker process
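The ps check above, written as a repeatable test that ties the user directive to what is actually running. This is an added example, not part of the original page: configured_user and check_workers are hypothetical helper names, and the sample process list is constructed in the format of the output above.

```shell
# Added example (not from the original page); sample input is constructed.

# configured_user FILE: print the account named by the user directive in
# an nginx configuration file, or nothing when the directive is absent.
configured_user() {
    awk '
        { sub(/#.*/, ""); gsub(/;/, " ") }
        $1 == "user" { print $2; exit }
    ' "$1"
}

# check_workers USER: read "ps aux" output on stdin and verify that every
# nginx worker runs as USER. The master stays root so it can bind port 80.
check_workers() {
    awk -v want="$1" '
        /nginx: worker process/ {
            workers++
            if ($1 != want) {
                print "worker pid " $2 " runs as " $1 ", expected " want
                bad = 1
            }
        }
        END {
            if (!workers) { print "no nginx worker process found"; bad = 1 }
            exit bad + 0
        }
    '
}

# Constructed sample: a worker still running under the default account.
sample='root 130034 0.0 0.0 20220 620 ? Ss 19:41 0:00 nginx: master process /usr/local/sbin/nginx
nobody 130035 0.0 0.0 20664 1512 ? S 19:41 0:00 nginx: worker process'
printf '%s\n' "$sample" | check_workers nginx || echo "=> fix the user directive"
```

On a live host, run `ps aux | check_workers "$(configured_user /usr/local/nginx/conf/nginx.conf)"`.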
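After Nginx returns page data to the client, a cache time can be set so that later requests for the same content are answered directly, which avoids repeated requests and speeds up access.
Use fiddler on a Windows client to view the page cache time.
Add an expiry parameter for specific content in the http section, the server section, or the location section:
location ~ \.(gif|jpg|jpeg|png|bmp|ico)$ {
    root html;
    expires 1d;
}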
[root@localhost ~]# systemctl stop firewalld.service    # stop the firewall
[root@localhost ~]# setenforce 0    # turn off SELinux enforcement
[root@localhost ~]# systemctl start nginx.service    # start the nginx service
[root@localhost ~]# netstat -ntap | grep 80    # check that the service port is open
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1684/nginx: master
[root@localhost ~]# mkdir abc
[root@localhost ~]# mount.cifs //192.168.100.10/lamp-c7 abc/    # mount the host machine's image folder on the abc directory
Password for root@//192.168.100.10/lamp-c7:
[root@localhost ~]# cd abc/    # enter the abc directory
[root@localhost abc]# ls
apr-1.6.2.tar.gz Discuz_X2.5_SC_UTF8.zip miao.jpg
apr-util-1.6.0.tar.gz error.png MySQL-5.6.26.tar.gz
awstats-7.6.tar.gz httpd-2.4.29.tar.bz2 nginx-1.12.0.tar.gz
cronolog-1.6.2-14.el7.x86_64.rpm LAMP-php5.6.txt php-5.6.11.tar.bz2
[root@localhost abc]# cp miao.jpg /usr/local/nginx/html/    # copy the image into the nginx site
[root@localhost abc]# cd /usr/local/nginx/html/    # enter the site directory
[root@localhost html]# ls
50x.html index.html miao.jpg
[root@localhost html]# vim index.html    # edit the page content
Welcome to nginx!
Welcome to nginx!
<!-- add the image here -->
If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.
For online documentation and support please refer to
nginx.org.
Commercial support is available at
nginx.com.
Thank you for using nginx.
:wq
[root@localhost nginx]# vim conf/nginx.conf    # edit the configuration
... # some content omitted ...
events {
    worker_connections 1024;
}
http {
    include mime.types;
    default_type application/octet-stream;
... # some content omitted ...
        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        location ~ \.(gif|jpeg|jpg|ico|bmp|png)$ {    # cache entry
            root html;
            expires 1d;
        }
    }
... # some content omitted ...
:wq
[root@localhost nginx]# systemctl restart nginx.service    # restart the nginx service
Keepalive_timeout
Client_header_timeout
[root@localhost nginx-1.12.2]# cd /usr/local/nginx/conf/    # enter the nginx configuration directory
[root@localhost conf]# vim nginx.conf    # edit the configuration file
... # some content omitted ...
http {
    include mime.types;
    default_type application/octet-stream;
    server_tokens on;
    #log_format main '$remote_addr - $remote_user [$time_local] "$request" '
    # '$status $body_bytes_sent "$http_referer" '
    # '"$http_user_agent" "$http_x_forwarded_for"';
    #access_log logs/access.log main;
    sendfile on;
    #tcp_nopush on;
    #keepalive_timeout 0;
    keepalive_timeout 65 180;    # add a client timeout of 180 seconds
    client_header_timeout 80;    # set the client header timeout
    client_body_timeout 80;    # set the client body timeout
    #gzip on;
    server {
        listen 80;
        server_name localhost;
... # some content omitted ...
:wq
[root@localhost conf]# systemctl restart nginx.service    # restart the service
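Both the expires 1d setting and the second keepalive_timeout parameter show up in response headers (Cache-Control: max-age and Keep-Alive: timeout), so they can be verified from the client side. This is an added example, not part of the original page: to_seconds, header_param and check_header_time are hypothetical helper names, and the sample response is constructed.

```shell
# Added example (not from the original page); the sample response is constructed.

# to_seconds VALUE: convert an nginx time value with at most one unit suffix
# (s, m, h, d) to seconds; fail on anything else.
to_seconds() {
    case $1 in
        ''|[!0-9]*|*[!0-9]*[!0-9]*) return 1 ;;
        *d) echo $(( ${1%d} * 86400 )) ;;
        *h) echo $(( ${1%h} * 3600 )) ;;
        *m) echo $(( ${1%m} * 60 )) ;;
        *s) echo "${1%s}" ;;
        *[!0-9]) return 1 ;;
        *) echo "$1" ;;
    esac
}

# header_param NAME PARAM: from the response headers on stdin, print the
# number that follows PARAM= in header NAME.
header_param() {
    awk -v name="$1" -v param="$2" '
        { sub(/\r$/, ""); low = tolower($0) }
        $0 == "" { exit }
        index(low, tolower(name) ":") == 1 && (n = index(low, tolower(param) "=")) {
            v = substr($0, n + length(param) + 1)
            sub(/[^0-9].*/, "", v); print v; exit
        }
    '
}

# check_header_time NAME PARAM VALUE: succeed only if the response on stdin
# advertises VALUE (an nginx time value) for that header parameter.
check_header_time() {
    want=$(to_seconds "$3") || return 2
    got=$(header_param "$1" "$2")
    [ "$got" = "$want" ] && return 0
    echo "$1 $2: expected $want, got ${got:-nothing}"
    return 1
}

# Constructed response for an image served with the settings from the page.
resp='HTTP/1.1 200 OK
Cache-Control: max-age=86400
Connection: keep-alive
Keep-Alive: timeout=180'
printf '%s\n' "$resp" | check_header_time Cache-Control max-age 1d &&
    printf '%s\n' "$resp" | check_header_time Keep-Alive timeout 180 &&
    echo "expires 1d and keepalive_timeout 65 180 are both in effect"
```

Against a running server, pipe `curl -sI http://<host>/miao.jpg` into check_header_time instead of the constructed sample.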