How to hide the version number and web page cache time in Nginx

Nginx optimization---hiding version number and web page cache time

Configure Nginx to hide the version number

In a production environment, you need to hide the Nginx version number to avoid security issues.

Vulnerability disclosure

View Method

● Use fiddler tool to check Nginx version number on Windows client

Use the "curl -I URL" command to view in CentOS system

How to hide the version number in Nginx

● Modify the configuration file method

●Modify source code

Modify the configuration file method

1. Set the value of the server_tokens option in the Nginx configuration file to off

[root@www conf]# vim nginx.conf
.....
server_tokens off;
.....
[root@www conf]# nginx -t

2. Restart the service and access the website using the curl -I command to test

[root@www conf]# service nginx restart
[root@www conf]# curl -1 http://192.1 68.9.209/
HTTP/1.1200 OK
Server: nginx

3. If the fastcgi param SERVER SOFTWARE option is configured in the PHP configuration file. Then edit the php-fpm configuration file and change the value of fastcgi param SERVER SOFTWARE to

fastcgi_ param SERVER_ SOFTWARE nginx;

Modify source code

The Nginx source code file /usr/src/nginx-1.12.0/src/core/nginx.h contains version information. You can set it to recompile and install at will, and hide the version information.

Example:

#define NGINX_ _VERSION "1.1.1" , change the version number to 1.1.1
#define NGINX_ VER "IIS/" , change the software type to IIS

Restart the service and access the website using the curl -I command to test

Modify Nginx user and group

The Nginx runtime process needs to have user and group support to implement access control when reading website files

Nginx uses the nobody user account and group account by default, which usually needs to be modified

Modification method

●Specify the user and group when compiling and installing ●Modify the configuration file to specify the user and group

Modify the configuration file to specify

1. Create a new user account, such as nginx

2. Modify the user option in the main configuration file and specify the user account

3. Restart the nginx service to make the configuration effective

4. Use the ps aux command to view the process information of nginx and verify the running user

Account Change Effect

[root@www conf]# vi nginx.conf
user nginx nginx;
[root@www conf]# service nginx restart
[root@www conf]# ps aux lgrep nginx
root 1300340.0 0.0 20220 620? Ss 19:41 0:00 nginx: master process
/usr/local/sbin/nginx
nginx 1300350.0 0.0 20664 1512 ?S 19:41 0:00 nginx: worker process

Configure Nginx web page cache time

When Nginx returns web page data to the client, you can set the cache time to facilitate direct return when the same content is requested in the future, avoiding repeated requests and speeding up access. It is usually set for static web pages, and no cache time is set for dynamic web pages. You can use fiddler in the Windows client to view the web page cache time.

How to set it up

You can modify the configuration file and add expiration parameters for specific content in the http section, server section, or location section.

Example

Modify the Nginx configuration file and add the expires parameter in the location section

location ~ \.(gifjpgliepglpnglbmplico)$ {
root html;
expires 1d;

Hide version number example demonstration

1. Compile and install Nginx service

Step 1: Remotely obtain the source package on Windows and mount it on Linux

[root@localhost ~]# smbclient -L //192.168.235.1
Enter SAMBA\root's password: 
Sharename Type Comment
--------- ---- -------
LNMP Disk 

[root@localhost ~]# mkdir /abc
[root@localhost ~]# mount.cifs //192.168.235.1/LNMP /abc
Password for root@//192.168.235.1/LNMP: 
[root@localhost ~]# ls /abc
Discuz_X3.4_SC_UTF8.zip nginx-1.12.2.tar.gz
game.jpg php-7.1.10.tar.bz2
mysql-boost-5.7.20.tar.gz php-7.1.20.tar.gz
nginx-1.12.0.tar.gz

Step 2: Unzip the source package

[root@localhost ~]# cd /abc
[root@localhost abc]# tar zxvf nginx-1.12.0.tar.gz -C /opt
[root@localhost abc]# ls /opt
nginx-1.12.0 rh

Step 3: Download and install the compilation component package

[root@localhost abc]# cd /opt
[root@localhost opt]# yum install -y \
> gcc \ //C language> gcc-c++ \ //c++ language> pcre-devel \ //pcre language tool> zlib-devel //compression function library

Step 4: Create a program user and configure Nginx service related components

[root@localhost opt]# useradd -M -s /sbin/nologin nginx
//Create program user nginx and restrict it from logging into the terminal [root@localhost opt]# cd nginx-1.12.0/
[root@localhost nginx-1.12.0]# ./configure \      
//Configure nginx
> --prefix=/usr/local/nginx \    
//Specify the installation path> --user=nginx \
//Specify username> --group=nginx \
//Specify the group to which the user belongs> --with-http_stub_status_module
//Install status statistics module

Step 5: Compile and install Nginx

[root@localhost nginx-1.12.0]# make && make install

Step 6: Optimize the Nginx service startup script and establish a command soft link

[root@localhost nginx-1.12.0]# ln -s /usr/local/nginx/sbin/nginx /usr/local/sbin/ 
//Create a soft link to the nginx service command to the system command [root@localhost nginx-1.12.0]# systemctl stop firewalld.service 
//Turn off the firewall [root@localhost nginx-1.12.0]# setenforce 0
//Turn off enhanced security features [root@localhost nginx-1.12.0]# nginx 
//Enter nginx to start the service [root@localhost nginx-1.12.0]# netstat -ntap | grep 80 //View the service port 80, showing that tcp is enabled 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 7520/nginx: master

Step 7: systemctl manages nginx scripts

[root@localhost ~]# vim /lib/systemd/system/nginx.service ##Create configuration file [Unit]
Description=nginx ##Description After=network.target ##Description of service type [Service]
Type=forking ##Background running formPIDFile=/usr/local/nginx/logs/nginx.pid ##PID file locationExecStart=/usr/local/nginx/sbin/nginx ##Start serviceExecReload=/usr/bin/kill -s HUP $MAINPID ##Configure reloading according to PIDExecStop=/usr/bin/kill -s QUIT $MAINPID ##Terminate the process according to PIDPrivateTmp=true
[Install]
WantedBy=multi-user.target

[root@localhost ~]# chmod 754 /lib/systemd/system/nginx.service ##Set execution permissions [root@localhost ~]# systemctl stop nginx.service ##Shut down nginx 
[root@localhost ~]# systemctl start nginx.service ##Start nginx

2. Hide the version number by modifying the configuration file

Step 1: Check the Nginx version number by default

[root@localhost ~]# curl -I http://192.168.235.158 ##Check the version number HTTP/1.1 200 OK
Server: nginx/1.12.0
##The visible version number is 1.12.0
Date: Wed, 13 Nov 2019 08:32:59 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Wed, 06 Nov 2019 01:53:19 GMT
Connection: keep-alive
ETag: "5dc2278f-264"
Accept-Ranges: bytes

Step 2: Modify the nginx.conf configuration file

[root@localhost ~]# vim /usr/local/nginx/conf/nginx.conf

http {
  include mime.types;
  default_type application/octet-stream;
  server_tokens off;
##Add the server_tokens option to the http protocol section and set the value to off

jpg

Step 3: Verify that the Nginx version number is hidden

[root@localhost ~]# systemctl stop nginx.service 
[root@localhost ~]# systemctl start nginx.service
[root@localhost ~]# curl -I http://192.168.235.158
HTTP/1.1 200 OK
Server: nginx
##The visible version number has been hidden Date: Wed, 13 Nov 2019 09:18:00 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Wed, 06 Nov 2019 01:53:19 GMT
Connection: keep-alive
ETag: "5dc2278f-264"
Accept-Ranges: bytes

3. Modify the configuration source code to hide the version number

Step 1: Modify the nginx.conf configuration file

[root@localhost ~]# vim /usr/local/nginx/conf/nginx.conf
...
 server_tokens on;
 ##Replace off with on

Step 2: Modify the version information in the source code file nginx.h

[root@localhost ~]# vim /opt/nginx-1.12.0/src/core/nginx.h

#define NGINX_VERSION "1.1.1"
##Change version information to 1.1.1

Step 3: Recompile Nginx

[root@localhost ~]# cd /opt/nginx-1.12.0/
[root@localhost nginx-1.12.0]# ./configure \
> --prefix=/usr/local/nginx \
> --user=nginx \
> --group=nginx \
> --with-http_stub_status_module
[root@localhost nginx-1.12.0]# make && make install

Step 4: Verify that the Nginx version number is hidden

[root@localhost nginx-1.12.0]# curl -I http://192.168.235.158 
HTTP/1.1 200 OK
Server: nginx/1.1.1
##The version number has been successfully changed to 1.1.1
Date: Wed, 13 Nov 2019 10:20:23 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Wed, 06 Nov 2019 01:53:19 GMT
Connection: keep-alive
ETag: "5dc2278f-264"
Accept-Ranges: bytes

Web page cache time example demonstration

Step 1: Copy the image to the site directory

[root@localhost nginx-1.12.0]# ls /abc
Discuz_X3.4_SC_UTF8.zip nginx-1.12.2.tar.gz
game.jpg php-7.1.10.tar.bz2
mysql-boost-5.7.20.tar.gz php-7.1.20.tar.gz
nginx-1.12.0.tar.gz
[root@localhost nginx-1.12.0]# cp /abc/game.jpg /usr/local/nginx/html/
[root@localhost nginx-1.12.0]# cd /usr/local/nginx/html/
[root@localhost html]# ls
50x.html game.jpg index.html

Step 2: Modify Nginx's index.html page

[root@localhost html]# vim index.html

<h1>Welcome to nginx!</h1>
<img src="game.jpg"/>
##Add the image path under the h1 tag

Step 3: Modify Nginx .conf file

[root@localhost html]# vim /usr/local/nginx/conf/nginx.conf

user nginx nginx;
##Enter this line entry separately, specify user nginx, specify group nginx

 location ~\.(gif|jepg|jpg|ico|bmp|png)$ {
      root html;
      expires 1d;
      ##The above image types are cached for one day}

[root@localhost html]# systemctl stop nginx.service
[root@localhost html]# systemctl start nginx.service

Step 4: Open a Win10 virtual machine to verify

Install fiddler.exe packet capture software on the client, and open the browser to access the 192.168.235.158 web page

Summarize

The above is what I introduced to you about the hidden version number of Nginx and the web page cache time. I hope it will be helpful to you. If you have any questions, please leave me a message and I will reply to you in time. I would also like to thank everyone for their support of the 123WORDPRESS.COM website!
If you find this article helpful, please feel free to reprint it and please indicate the source. Thank you!

You may also be interested in:

How to hide and forge version number in Nginx
How to hide the version number in Nginx
Solution to nginx hiding version number and WEB server information
Multiple ways to configure nginx to hide the version number

<<: Mysql classic high-level/command line operation (quick) (recommended)

>>: Practical example of nested routes in vue.js Router

Linux RabbitMQ cluster construction process diagram

How to hide the version number and web page cache time in Nginx

Linux RabbitMQ cluster construction process diagram

Explore the truth behind the reload process in Nginx

How to use native JS to implement touch sliding monitoring events

Detailed explanation of the principles and implementation methods of Mysql account management

HTML table tag tutorial (17): table title vertical alignment attribute VALIGN

How to choose and use PNG, JPG, and GIF as web image formats

Methods and steps for Etcd distributed deployment based on Docker

Vue storage contains a solution for Boolean values

MySQL view principles and basic operation examples

How to install MySQL for beginners (proven effective)

Recommend

Docker deployment RabbitMQ container implementation process analysis

Execute initialization sql when docker mysql starts

In-depth explanation of Vue multi-select list component

N ways to align the last row of lists in CSS flex layout to the left (summary)

Analysis of common basic operations of MySQL database [create, view, modify and delete database]

jQuery implements the bouncing ball game

Comprehensive understanding of line-height and vertical-align

HTML special character conversion table

Methods and techniques for designing an interesting website (picture)

js implements form validation function

Double loading issue when the page contains img src

A brief discussion on JavaScript throttling and anti-shake

How to solve the background tiling and border breaking of CSS style div or li in IE6

Solution to prevent caching in pages

Detailed explanation of Django+Vue+Docker to build an interface testing platform