How to hide the version number in Nginx

Nginx hides version number

In a production environment, you need to hide the version number of Nginx to avoid the disclosure of security vulnerabilities.

View Method

Use the fiddler tool to check the Nginx version number on the Windows client. Use the "curl -I URL" command to check it on the centos system.

How to hide the version number in Nginx

Modify the configuration file Modify the source code

1. Install Nginx

1. Use remote sharing on Linux to obtain files and mount them to the mnt directory

[root@localhost ~]# smbclient -L //192.168.100.3/ ##Remote share access Enter SAMBA\root's password: 

                Sharename Type Comment
                --------- ---- -------
                LNMP-C7 Disk    
[root@localhost ~]# mount.cifs //192.168.100.3/LNMP-C7 /mnt ##Mount to the /mnt directory

2. Unzip the source package to /opt and check

[root@localhost ~]# cd /mnt ##Switch to the mount point directory [root@localhost mnt]# ls
Discuz_X3.4_SC_UTF8.zip nginx-1.12.2.tar.gz
mysql-boost-5.7.20.tar.gz php-7.1.20.tar.gz
[root@localhost mnt]# tar zxvf nginx-1.12.2.tar.gz -C /opt ##Unzip the Nginx source package to /opt [root@localhost mnt]# cd /opt/ ##Switch to the unzipped directory [root@localhost opt]# ls
nginx-1.12.2 rh

3. Install the environment component package required for compilation

[root@localhost opt]# yum -y install \
gcc \ //c language gcc-c++ \ //c++ language pcre-devel \ //pcre language tool zlib-devel //data compression library

4. Create program user nginx and compile Nginx

[root@localhost opt]# useradd -M -s /sbin/nologin nginx ##Create a program user, safe and unavailable for login [root@localhost opt]# id nginx
uid=1001(nginx) gid=1001(nginx) group=1001(nginx)
[root@localhost opt]# cd nginx-1.12.0/ ##Switch to the nginx directory [root@localhost nginx-1.12.0]# ./configure \ ##Configure nginx
> --prefix=/usr/local/nginx \ ##Installation path> --user=nginx \ ##User name> --group=nginx \ ##User group> --with-http_stub_status_module ##Status statistics module

5. Compile and install

[root@localhost nginx-1.12.0]# make ##Compile...
[root@localhost nginx-1.12.0]# make install ##Install...
[root@localhost nginx]# ln -s /usr/local/nginx/sbin/nginx /usr/local/sbin/ 
##Create a soft link to let the system recognize the nginx startup script

6. Create management scripts to facilitate service management

[root@localhost nginx]# cd /etc/init.d/ ##Switch to the startup configuration file directory [root@localhost init.d]# ls
functions netconsole network README
[root@localhost init.d]# vim nginx ##Edit the startup script file #!/bin/bash
# chkconfig: - 99 20 ##Comment information# description: Nginx Service Control Script
PROG="/usr/local/nginx/sbin/nginx" ##Set the variable to the nginx command file PIDF="/usr/local/nginx/logs/nginx.pid" ##Set the variable PID file process number to 5346
case "$1" in 
        start)
                $PROG ##Start the service;;
        stop)
                kill -s QUIT $(cat $PIDF) ##Close the service;;
        restart) ##Restart the service $0 stop
                $0 start
                ;;
        reload) ##Reload service kill -s HUP $(cat $PIDF)
                ;;
        *) ##Error input prompt echo "Usage: $0 {start|stop|restart|reload}"
               exit 1
esac
exit 0
[root@localhost init.d]# chmod +x /etc/init.d/nginx ##Give the startup script execution permission [root@localhost init.d]# chkconfig --add nginx ##Add to the service manager [root@localhost init.d]# service nginx stop ##You can use service to control nginx
[root@localhost init.d]# service nginx start

2. Hide the version number

[root@localhost init.d]# curl -I http://192.168.13.140/ ##View Nginx information HTTP/1.1 200 OK
Server: nginx/1.12.2 ##Show version number Date: Tue, 12 Nov 2019 14:23:24 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 12 Nov 2019 13:46:35 GMT
Connection: keep-alive
ETag: "5dcab7bb-264"
Accept-Ranges: bytes
[root@localhost init.d]# vim /usr/local/nginx/conf/nginx.conf ##Modify the configuration file http { ##Add include mime.types under http;
    default_type application/octet-stream;
    server_tokens off; ##Turn off version number [root@localhost init.d]# service nginx stop ##Turn off service [root@localhost init.d]# service nginx start ##Turn on service [root@localhost init.d]# curl -I http://192.168.13.140/ ##View Nginx information HTTP/1.1 200 OK   
Server: nginx ##Version number is hidden Date: Tue, 12 Nov 2019 14:22:00 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 12 Nov 2019 13:46:35 GMT
Connection: keep-alive
ETag: "5dcab7bb-264"
Accept-Ranges: bytes

3. Forge the version number (need to recompile and install, can be done before compiling and installing)

1. Open the version number

[root@localhost init.d]# vim /usr/local/nginx/conf/nginx.conf
http {
    include mime.types;
    default_type application/octet-stream;
    server_tokens on; ##Open version number

2. Modify the Nginx source package file

[root@localhost init.d]# cd /opt/nginx-1.12.2/src/core/ ##Switch to the src source package directory [root@localhost core]# vim nginx.h ##Modify the file #define NGINX_VERSION "1.1.1" ##The version number here is forged to 1.1.1

3. Recompile and install

[root@localhost core]# cd /opt/nginx-1.12.2/ ##Switch directory to Nginx [root@localhost nginx-1.12.2]# ./configure \ ##Reconfigure> --prefix=/usr/local/nginx \
> --user=nginx \
> --group=nginx \
> --with-http_stub_status_module
[root@localhost nginx-1.12.0]# make ##Recompile...
[root@localhost nginx-1.12.0]# make install ##Reinstall...

4. Restart the Nginx service and check the version information

[root@localhost nginx-1.12.2]# service nginx stop ##Close [root@localhost nginx-1.12.2]# service nginx start ##Open [root@localhost nginx-1.12.2]# curl -I http://192.168.13.140/ ##View Nginx information HTTP/1.1 200 OK 
Server: nginx/1.1.1 ##The version number at this time is a fake version number Date: Tue, 12 Nov 2019 14:34:02 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 12 Nov 2019 13:46:35 GMT
Connection: keep-alive
ETag: "5dcab7bb-264"
Accept-Ranges: bytes

Nginx web page cache time

When Nginx returns web page data to the client, you can set the cache time to facilitate direct return when the same content is requested in the future, avoiding repeated requests and speeding up access.
Generally set for static web pages, no cache time is set for dynamic web pages
You can use fiddler in the Windows client to view the web page cache time

How to set it up

You can modify the configuration file and add expiration parameters for specific content in the http section, server section, or location section.

Experimental environment

One Nginx server and one test machine Win10

1. Copy the image to the Nginx site directory

[root@localhost ~]# cd /mnt/ ##Switch to the mount point [root@localhost mnt]# ls
11.jpg mysql-boost-5.7.20.tar.gz php-7.1.20.tar.gz
22.jpg nginx-1.12.2.tar.gz
Discuz_X3.4_SC_UTF8.zip php-7.1.10.tar.bz2  
[root@localhost mnt]# cp 11.jpg /usr/local/nginx/html/ ##Copy the image to the site[root@localhost mnt]# cd /usr/local/nginx/html/ ##Switch to the site[root@localhost html]# ls
11.jpg 50x.html index.html

Second, modify the web page information and add the image to the index.html file

[root@localhost html]# vim index.html ##Modify web page information</head>
<body>
<h1>Welcome to nginx!</h1>
<img src="11.jpg"/> ##Add the image to the webpage

3. Modify configuration file information

[root@localhost html]# vim /usr/local/nginx/conf/nginx.conf ##Modify the configuration file events {
    worker_connections 1024;
}
    user nginx nginx; ##Modify Nginx user and group # deny access to .htaccess files, if Apache's document root
  # concurs with nginx's one
  #
  location ~\.(gif|jepg|jpg|ico|bmp|png)$ { ##Supported image format root html; ##Site expires 1d; ##Cache for one day}
[root@localhost html]# service nginx stop ##Close and open the service [root@localhost html]# service nginx start

Fourth, use fiddler to view the cache

Nginx log cutting

As Nginx runs longer, the logs will also increase. In order to easily grasp the running status of Nginx, you need to always pay attention to the log files

Too large a log file is a disaster for monitoring

Regularly cut log files

Nginx itself does not have the function of log segmentation, but it can realize automatic log segmentation through the script of Nginx signal control function, and periodically perform log segmentation through Linux scheduled tasks.

1. Write a log segmentation script file

[root@localhost ~]# vim fenge.sh ##Write script file #!/bin/bash
#Filename:fenge.sh
d=$(date -d "-1 day" "+%Y%m%d") ##Show the time one day ago logs_path="/var/log/nginx" ##Save path for split logs pid_path="/usr/local/nginx/logs/nginx.pid" ##pid path [ -d $logs_path ] || mkdir -p $logs_path ##Create a directory if there is no directory mv /usr/local/nginx/logs/access.log ${logs_path}/test.com-access.log-$d
##Generate the original log file to the new path kill -USR1 $(cat $pid_path) ##End the regeneration of the new pid file find $logs_path -mtime +30 | xargs rm -rf ##Delete the log file 30 days ago [root@localhost ~]# chmod +x fenge.sh ##Give execution permission [root@localhost ~]# ./fenge.sh ##Execute the script file

2. Check the log segmentation

[root@localhost ~]# cd /var/log/nginx/ ##Switch to the Nginx log directory [root@localhost nginx]# ls
test.com-access.log-20191112
[root@localhost nginx]# date -s 2019-11-14 ##Modify the date to tomorrow's time Thursday, November 14, 2019 00:00:00 CST
[root@localhost nginx]# cd ~
[root@localhost ~]# ./fenge.sh ##Re-execute the script [root@localhost ~]# cd /var/log/nginx/
[root@localhost nginx]# ls ##View log segmentation log files test.com-access.log-20191112 test.com-access.log-20191113

3. Set up periodic scheduled tasks

[root@localhost nginx]# crontab -e ##Periodic scheduled tasks 0 1 * * * /opt/fenge.sh

The above is the full content of this article. I hope it will be helpful for everyone’s study. I also hope that everyone will support 123WORDPRESS.COM.

You may also be interested in:

How to hide and forge version number in Nginx
How to hide the version number and web page cache time in Nginx
Solution to nginx hiding version number and WEB server information
Multiple ways to configure nginx to hide the version number

<<: Vue3 implements CSS infinite seamless scrolling effect

>>: MySQL 8.0.15 installation tutorial for Windows 64-bit

MySQL database monitoring software lepus usage problems and solutions

How to hide the version number in Nginx

MySQL database monitoring software lepus usage problems and solutions

Mysql Chinese sorting rules description

Vue implements adding watermark effect to the page

The difference between html Frame, Iframe and Frameset

CSS implements Google Material Design text input box style (recommended)

How to use vue-video-player to achieve live broadcast

Examples of using the or statement in MySQL

How to install mysql on centos and set up remote access

JavaScript Dom implements the principle and example of carousel

An article teaches you how to implement a recipe system with React

Recommend

40 web page designs with super large fonts

3 ways to correctly modify the maximum number of connections in MySQL

Talk about the understanding of CSS attribute margin

idea uses docker plug-in to achieve one-click automated deployment

mysql-5.7.21-winx64 free installation version installation--Windows tutorial detailed explanation

The perfect solution to the error of installing Mysql Applying Security in windows server2014

Nginx access log and error log parameter description

This article will help you understand JavaScript variables and data types

DOCTYPE Document Type Declaration (Must-Read for Web Page Lovers)

The easiest way to create a new user and grant permissions to MySQL

File upload via HTML5 on mobile

How can MySQL effectively prevent database deletion and running away?

A detailed introduction to Linux system operation levels

js to achieve interesting countdown effect

Vue Element front-end application development dynamic menu and routing association processing