How to hide the version number and web page cache time in Nginx

Nginx optimization---hiding version number and web page cache time

Configure Nginx to hide the version number

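In a production environment, you should hide the Nginx version number: a visible version tells any client exactly which release is running, and therefore which disclosed vulnerabilities apply to it.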

Vulnerability disclosure

View Method

● Use the fiddler tool on a Windows client to check the Nginx version number

● Use the "curl -I URL" command on a CentOS system

How to hide the version number in Nginx

● Modify the configuration file

● Modify the source code

Modify the configuration file method

1. Set the value of the server_tokens option in the Nginx configuration file to off

[root@www conf]# vim nginx.conf
.....
server_tokens off;
.....
[root@www conf]# nginx -t

2. Restart the service and access the website using the curl -I command to test

[root@www conf]# service nginx restart
[root@www conf]# curl -I http://192.168.9.209/
HTTP/1.1 200 OK
Server: nginx

3. If the fastcgi_param SERVER_SOFTWARE option is configured in the PHP configuration file, edit the php-fpm configuration file and change the value of fastcgi_param SERVER_SOFTWARE to:

fastcgi_param SERVER_SOFTWARE nginx;

Modify source code

The Nginx source code file /usr/src/nginx-1.12.0/src/core/nginx.h contains the version information. You can change it to any value, then recompile and install Nginx so that the real version information is hidden.

Example:

#define NGINX_VERSION "1.1.1"
##Change the version number to 1.1.1
#define NGINX_VER "IIS/"
##Change the software type to IIS

Restart the service and access the website using the curl -I command to test

Modify Nginx user and group

The Nginx runtime process needs to have user and group support to implement access control when reading website files

Nginx uses the nobody user account and group account by default, which usually needs to be modified

Modification method

● Specify the user and group when compiling and installing

● Modify the configuration file to specify the user and group

Modify the configuration file to specify

1. Create a new user account, such as nginx

2. Modify the user option in the main configuration file and specify the user account

3. Restart the nginx service to make the configuration effective

4. Use the ps aux command to view the process information of nginx and verify the running user

Account Change Effect

[root@www conf]# vi nginx.conf
user nginx nginx;
[root@www conf]# service nginx restart
[root@www conf]# ps aux | grep nginx
root 130034 0.0 0.0 20220 620 ? Ss 19:41 0:00 nginx: master process /usr/local/sbin/nginx
nginx 130035 0.0 0.0 20664 1512 ? S 19:41 0:00 nginx: worker process
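
An added example, not from the original article, that cross-checks the user directive against the ps output: if nginx.conf was edited but the service has not been restarted yet, the workers still run under the old account. The function names and the sample ps lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article.

# Print the account named by the `user` directive of nginx.conf text on stdin.
# Falls back to "nobody", the default account the article mentions.
conf_user() {
    awk '{ sub(/#.*/, ""); sub(/^[ \t]+/, "") }   # drop comments, indentation
         $1 == "user" { u = $2; sub(/;$/, "", u); print u; found = 1; exit }
         END { if (!found) print "nobody" }'
}

# Read `ps aux` output on stdin and compare every nginx worker with the
# expected account ($1). Prints offending workers; returns 0 only when at
# least one worker is running and all of them use the expected account.
workers_match() {
    awk -v want="$1" '
        /nginx: worker process/ {
            seen = 1
            if ($1 != want) { print "PID " $2 " runs as " $1 ", expected " want; bad = 1 }
        }
        END { exit ((seen && !bad) ? 0 : 1) }'
}

# Constructed samples modelled on the article's nginx.conf line and ps output.
conf='user nginx nginx;   ##run workers as nginx'
ps_stale='root   1300 0.0 0.0 20220  620 ? Ss 19:40 0:00 nginx: master process /usr/local/sbin/nginx
nobody 1301 0.0 0.0 20664 1512 ? S  19:40 0:00 nginx: worker process'
ps_fresh='root  1400 0.0 0.0 20220  620 ? Ss 19:41 0:00 nginx: master process /usr/local/sbin/nginx
nginx 1401 0.0 0.0 20664 1512 ? S  19:41 0:00 nginx: worker process'

want=$(printf '%s\n' "$conf" | conf_user)
printf '%s\n' "$ps_stale" | workers_match "$want" || echo "^ restart needed: workers still use the old account"
printf '%s\n' "$ps_fresh" | workers_match "$want" && echo "all workers run as $want"
```

On a live host the equivalent call is: ps aux | workers_match "$(conf_user < /usr/local/nginx/conf/nginx.conf)"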

Configure Nginx web page cache time

When Nginx returns web page data to the client, you can set a cache time so that the client can reuse its cached copy when the same content is requested again, avoiding repeated requests and speeding up access. It is usually set for static web pages, and no cache time is set for dynamic web pages. You can use fiddler in the Windows client to view the web page cache time.

How to set it up

You can modify the configuration file and add the expires parameter for specific content in the http section, server section, or location section.

Example

Modify the Nginx configuration file and add the expires parameter in the location section

location ~ \.(gif|jpg|jpeg|png|bmp|ico)$ {
root html;
expires 1d;
}

Hide version number example demonstration

1. Compile and install Nginx service

Step 1: Remotely obtain the source package on Windows and mount it on Linux

[root@localhost ~]# smbclient -L //192.168.235.1
Enter SAMBA\root's password: 
Sharename Type Comment
--------- ---- -------
LNMP Disk 

[root@localhost ~]# mkdir /abc
[root@localhost ~]# mount.cifs //192.168.235.1/LNMP /abc
Password for root@//192.168.235.1/LNMP: 
[root@localhost ~]# ls /abc
Discuz_X3.4_SC_UTF8.zip nginx-1.12.2.tar.gz
game.jpg php-7.1.10.tar.bz2
mysql-boost-5.7.20.tar.gz php-7.1.20.tar.gz
nginx-1.12.0.tar.gz

Step 2: Unzip the source package

[root@localhost ~]# cd /abc
[root@localhost abc]# tar zxvf nginx-1.12.0.tar.gz -C /opt
[root@localhost abc]# ls /opt
nginx-1.12.0 rh

Step 3: Download and install the compilation component package

[root@localhost abc]# cd /opt
[root@localhost opt]# yum install -y \
> gcc \
> gcc-c++ \
> pcre-devel \
> zlib-devel
//gcc: C language; gcc-c++: C++ language; pcre-devel: pcre language tool; zlib-devel: compression function library

Step 4: Create a program user and configure Nginx service related components

[root@localhost opt]# useradd -M -s /sbin/nologin nginx
//Create program user nginx and restrict it from logging into the terminal
[root@localhost opt]# cd nginx-1.12.0/
[root@localhost nginx-1.12.0]# ./configure \
> --prefix=/usr/local/nginx \
> --user=nginx \
> --group=nginx \
> --with-http_stub_status_module
//Configure nginx: --prefix specifies the installation path, --user the username, --group the group to which the user belongs, and --with-http_stub_status_module installs the status statistics module

Step 5: Compile and install Nginx

[root@localhost nginx-1.12.0]# make && make install

Step 6: Optimize the Nginx service startup script and establish a command soft link

[root@localhost nginx-1.12.0]# ln -s /usr/local/nginx/sbin/nginx /usr/local/sbin/
//Create a soft link so that the nginx service command is available as a system command
[root@localhost nginx-1.12.0]# systemctl stop firewalld.service
//Turn off the firewall
[root@localhost nginx-1.12.0]# setenforce 0
//Turn off enhanced security features (switches SELinux to permissive mode)
[root@localhost nginx-1.12.0]# nginx
//Enter nginx to start the service
[root@localhost nginx-1.12.0]# netstat -ntap | grep 80
//View service port 80, showing that it is enabled
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 7520/nginx: master

Step 7: systemctl manages nginx scripts

[root@localhost ~]# vim /lib/systemd/system/nginx.service    ##Create configuration file
[Unit]
##Description
Description=nginx
##Start after the network target
After=network.target
[Service]
##Background running form
Type=forking
##PID file location
PIDFile=/usr/local/nginx/logs/nginx.pid
##Start service
ExecStart=/usr/local/nginx/sbin/nginx
##Configure reloading according to PID
ExecReload=/usr/bin/kill -s HUP $MAINPID
##Terminate the process according to PID
ExecStop=/usr/bin/kill -s QUIT $MAINPID
PrivateTmp=true
[Install]
WantedBy=multi-user.target

[root@localhost ~]# chmod 754 /lib/systemd/system/nginx.service    ##Set execution permissions
[root@localhost ~]# systemctl stop nginx.service    ##Shut down nginx
[root@localhost ~]# systemctl start nginx.service ##Start nginx

2. Hide the version number by modifying the configuration file

Step 1: Check the Nginx version number by default

[root@localhost ~]# curl -I http://192.168.235.158    ##Check the version number
HTTP/1.1 200 OK
Server: nginx/1.12.0
##The visible version number is 1.12.0
Date: Wed, 13 Nov 2019 08:32:59 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Wed, 06 Nov 2019 01:53:19 GMT
Connection: keep-alive
ETag: "5dc2278f-264"
Accept-Ranges: bytes

Step 2: Modify the nginx.conf configuration file

[root@localhost ~]# vim /usr/local/nginx/conf/nginx.conf

http {
  include mime.types;
  default_type application/octet-stream;
  server_tokens off;
##Add the server_tokens option to the http protocol section and set the value to off

Step 3: Verify that the Nginx version number is hidden

[root@localhost ~]# systemctl stop nginx.service 
[root@localhost ~]# systemctl start nginx.service
[root@localhost ~]# curl -I http://192.168.235.158
HTTP/1.1 200 OK
Server: nginx
##The visible version number has been hidden
Date: Wed, 13 Nov 2019 09:18:00 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Wed, 06 Nov 2019 01:53:19 GMT
Connection: keep-alive
ETag: "5dc2278f-264"
Accept-Ranges: bytes
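
The check below is an added example, not part of the original article: it automates the curl -I comparison shown above and also scans configuration text for the two settings the article changes (server_tokens and fastcgi_param SERVER_SOFTWARE). The function names and sample inputs are constructed for illustration; the fastcgi_param line in the sample is the entry nginx ships in its stock fastcgi_params file.

```shell
#!/bin/sh
# Added example, not from the original article.

# Read response headers on stdin (e.g. from `curl -sI URL`). Print the Server
# product token if it carries a version; return 1 in that case, 0 otherwise.
server_header_leaks() {
    awk '{ sub(/\r$/, "") }                    # header lines end in CRLF
         tolower($1) == "server:" && match($0, /[A-Za-z_-]+\/[0-9][0-9.]*/) {
             print substr($0, RSTART, RLENGTH); found = 1
         }
         END { exit (found ? 1 : 0) }'
}

# Read nginx configuration text on stdin (one directive per line assumed) and
# print one finding per line. Return 1 if anything was found.
audit_conf() {
    awk '{ sub(/#.*/, ""); sub(/^[ \t]+/, "") }   # drop comments, indentation
         /^server_tokens[ \t]+off[ \t]*;/ { tokens_off = 1 }
         /^fastcgi_param[ \t]+SERVER_SOFTWARE[ \t].*\$nginx_version/ {
             print "line " NR ": SERVER_SOFTWARE still passes $nginx_version"; bad = 1
         }
         END {
             if (!tokens_off) { print "server_tokens off; not found"; bad = 1 }
             exit (bad ? 1 : 0)
         }'
}

# Constructed samples modelled on the article's curl -I captures and config.
before='HTTP/1.1 200 OK
Server: nginx/1.12.0'
after='HTTP/1.1 200 OK
Server: nginx'
conf='http {
    server_tokens off;   ##hide the version
    fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
}'

printf '%s\n' "$before" | server_header_leaks || echo "^ version disclosed"
printf '%s\n' "$after"  | server_header_leaks && echo "Server header has no version"
printf '%s\n' "$conf"   | audit_conf || echo "^ fix before reloading nginx"
```

A Server header rewritten through nginx.h to a made-up value such as nginx/1.1.1 still matches the version pattern, so the header check reports it like a real version.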

3. Modify the source code to hide the version number

Step 1: Modify the nginx.conf configuration file

[root@localhost ~]# vim /usr/local/nginx/conf/nginx.conf
...
 server_tokens on;
 ##Replace off with on

Step 2: Modify the version information in the source code file nginx.h

[root@localhost ~]# vim /opt/nginx-1.12.0/src/core/nginx.h

#define NGINX_VERSION "1.1.1"
##Change version information to 1.1.1

Step 3: Recompile Nginx

[root@localhost ~]# cd /opt/nginx-1.12.0/
[root@localhost nginx-1.12.0]# ./configure \
> --prefix=/usr/local/nginx \
> --user=nginx \
> --group=nginx \
> --with-http_stub_status_module
[root@localhost nginx-1.12.0]# make && make install

Step 4: Verify that the Nginx version number is hidden

[root@localhost nginx-1.12.0]# curl -I http://192.168.235.158 
HTTP/1.1 200 OK
Server: nginx/1.1.1
##The version number has been successfully changed to 1.1.1
Date: Wed, 13 Nov 2019 10:20:23 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Wed, 06 Nov 2019 01:53:19 GMT
Connection: keep-alive
ETag: "5dc2278f-264"
Accept-Ranges: bytes

Web page cache time example demonstration

Step 1: Copy the image to the site directory

[root@localhost nginx-1.12.0]# ls /abc
Discuz_X3.4_SC_UTF8.zip nginx-1.12.2.tar.gz
game.jpg php-7.1.10.tar.bz2
mysql-boost-5.7.20.tar.gz php-7.1.20.tar.gz
nginx-1.12.0.tar.gz
[root@localhost nginx-1.12.0]# cp /abc/game.jpg /usr/local/nginx/html/
[root@localhost nginx-1.12.0]# cd /usr/local/nginx/html/
[root@localhost html]# ls
50x.html game.jpg index.html

Step 2: Modify Nginx's index.html page

[root@localhost html]# vim index.html

<h1>Welcome to nginx!</h1>
<img src="game.jpg"/>
##Add the image path under the h1 tag

Step 3: Modify the nginx.conf file

[root@localhost html]# vim /usr/local/nginx/conf/nginx.conf

user nginx nginx;
##Enter this line entry separately, specify user nginx, specify group nginx

 location ~ \.(gif|jpeg|jpg|ico|bmp|png)$ {
      root html;
      expires 1d;
      ##The above image types are cached for one day
 }

[root@localhost html]# systemctl stop nginx.service
[root@localhost html]# systemctl start nginx.service

Step 4: Open a Win10 virtual machine to verify

Install fiddler.exe packet capture software on the client, and open the browser to access the 192.168.235.158 web page
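
The same verification can be made from the command line by reading the response headers instead of using fiddler. This added example (not from the original article) converts the configured expires value to seconds and compares it with the max-age that nginx sends in Cache-Control; the function names and sample headers are constructed, and only single-unit time values such as 1d or 12h are handled.

```shell
#!/bin/sh
# Added example, not from the original article.

# Convert a single-unit nginx time value (30s, 10m, 12h, 1d, 2w) to seconds.
# A bare number already means seconds. Returns 2 on anything else.
expires_to_seconds() {
    n=${1%[smhdw]}; unit=${1#"$n"}
    case $n in ''|*[!0-9]*) return 2 ;; esac
    case $unit in
        m) echo $(($n * 60)) ;;
        h) echo $(($n * 3600)) ;;
        d) echo $(($n * 86400)) ;;
        w) echo $(($n * 604800)) ;;
        *) echo "$n" ;;
    esac
}

# Print the max-age from the Cache-Control header of a response on stdin;
# print nothing when the response carries none.
max_age_of() {
    awk '{ sub(/\r$/, "") }
         tolower($1) == "cache-control:" && match($0, /max-age=[0-9]+/) {
             print substr($0, RSTART + 8, RLENGTH - 8); exit
         }'
}

# Usage: curl -sI http://HOST/game.jpg | check_expires 1d
# Returns 0 only when max-age equals the configured lifetime.
check_expires() {
    want=$(expires_to_seconds "$1") || { echo "bad time value: $1"; return 2; }
    got=$(max_age_of)
    [ -n "$got" ] || { echo "no max-age: no expires rule matched"; return 1; }
    [ "$got" -eq "$want" ] || { echo "mismatch: max-age=$got, expected $want"; return 1; }
    echo "ok: max-age=$got ($1)"
}

# Constructed samples: an image served under `expires 1d`, and a page that
# no expires rule covers.
image='HTTP/1.1 200 OK
Content-Type: image/jpeg
Expires: Thu, 14 Nov 2019 10:20:23 GMT
Cache-Control: max-age=86400'
page='HTTP/1.1 200 OK
Content-Type: text/html'

printf '%s\n' "$image" | check_expires 1d || echo "^ game.jpg is not cached as configured"
printf '%s\n' "$page"  | check_expires 1d || echo "^ expected for index.html"
```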

Summary

The above is what I introduced to you about the hidden version number of Nginx and the web page cache time. I hope it will be helpful to you. If you have any questions, please leave me a message and I will reply to you in time. I would also like to thank everyone for their support of the 123WORDPRESS.COM website!