Nginx Service Optimization (1) hide the version number 01/16 Update SLTechnology News&Howtos

Nginx Service Optimization (1) hide the version number

2025-01-16 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Servers >

Shulou(Shulou.com)06/02 Report--

Configure Nginx Hidden version number

In a production environment, the version number of Nginx needs to be hidden to avoid leakage of security vulnerabilities.

View method

Use the fiddler tool to view the Nginx version number on the Windows client

In the CentOS system, use the "curl-I URL" command to check the Nginx hidden version number method to modify the configuration file method to modify the source code method to compile and install nginx service 1. Share the toolkit on the host

two。 Mount the toolkit to the Linux system [root@localhost ~] # mkdir / mnt/tools [root@localhost ~] # smbclient-L / / 192.168.100.50/Enter SAMBA\ root's password: OS= [Windows 10 Enterprise LTSC 2019 17763] Server= [Windows 10 Enterprise LTSC 2019 17763] Sharename Type Comment-IPC$ through the Samba service IPC remote IPC share Disk tools Disk Users Disk Connection to 192.168.100.50 failed (Error NT_STATUS_RESOURCE_NAME_NOT_FOUND) NetBIOS over TCP disabled-no workgroup available [root@localhost ~] # mount.cifs / / 192.168.100.50/tools / mnt/tools/Password for root@//192.168.100.50/tools: [root@localhost ~] # 3. Extract the nginx service source code package to the "/ opt/" directory [root@localhost ~] # cd / mnt/tools/ [root@localhost tools] # lsawstats-7.6.tar.gz extundelete-0.2.4.tar.bz2 forbid.png jdk-8u191-windows-x64.zip LAMP-C7 picture.jpgcronolog-1.6.2-14.el7.x86_64.rpm fiddler.exe intellijideau2018.rar john -1.8.0.tar.gz LNMP [root@localhost tools] # cd LNMP/ [root@localhost LNMP] # lsDiscuz_X3.4_SC_UTF8.zip mysql-boost-5.7.20.tar.gz nginx-1.12.2.tar.gz php-7.1.10.tar.bz2 php-7.1.20.tar.gz [root@localhost LNMP] # tar zxvf nginx-1.12.2.tar.gz-C / opt/. . / / omit the decompression process [root@localhost LNMP] # 4. Install the toolkit required for compilation [root@localhost ~] # yum install gcc gcc-c++ pcre-devel zlib-devel-y.bat / omit the installation process [root@localhost ~] # 5. Switch to the nginx service source package directory Create a nginx user [root@localhost LNMP] # cd / opt/ [root@localhost opt] # lsnginx-1.12.2 rh [root@localhost opt] # cd nginx-1.12.2/ [root@localhost nginx-1.12.2] # lsauto CHANGES CHANGES.ru conf configure contrib html LICENSE man README src [root@localhost nginx-1.12.2] # [root@localhost nginx-1.12.2] # useradd-M-s / sbin/nologin nginx / /-M non-invasive Home directory [root@localhost nginx-1.12.2] # id nginxuid=1001 (nginx) gid=1001 (nginx) group = 1001 (nginx) [root@localhost nginx-1.12.2] # 6. Configure nginx service [root@localhost nginx-1.12.2] #. / configure\ >-- prefix=/usr/local/nginx\ / / installation path >-- user=nginx\ / / owner >-- group=nginx\ / / generic group >-- with-http_stub_status_module / / enable statistical module 7. Compile and install the nginx service [root@localhost nginx-1.12.2] # make & & make install.// omit process [root@localhost nginx-1.12.2] # 8. In a directory that is easily recognized by the system Create a soft link for nginx service commands [root@localhost nginx-1.12.2] # ln-s / usr/local/nginx/sbin/* / usr/local/sbin/ create a soft link [root@localhost nginx-1.12.2] # nginx- t / / profile Test nginx: the configuration file / usr/local/nginx/conf/nginx.conf syntax is oknginx: configuration file / usr/local/nginx/conf/nginx.conf test is successful [root @ localhost nginx-1.12.2] # 9. Create a nginx service management script (you can choose one)

Script 1: manage through the "systemctl" command

[root@localhost nginx-1.12.2] # cd / lib/systemd/system [root@localhost system] # vim nginx.service[ Unit] Description=nginxAfter= network.target [service] Type=forkingPIDFile=/usr/local/nginx/logs/nginx.pidExecStart=/usr/local/nginx/sbin/nginxExecReload=/usr/bin/kill-s HUP $MAINPIDExecStop=/usr/bin/kill-s QUIT $MAINPIDPrivateTmp= truth [install] WantedBy=multi-user.target [root@localhost system] # chmod 754 nginx.service / / add execution permission [root@localhost system] # Systemctl start nginx.service / / enable service [root@localhost system] # netstat-ntap | grep 80 / / View tcp80 port tcp 0 00.0.0.0netstat 80 0.0.0.0netstat * LISTEN 52924/nginx: master [root@localhost system] # [root@localhost system] # systemctl stop firewalld.service / / turn off firewall [root@localhost system] # setenforce 0 [root@localhost system] #

Script 2: manage through the "service" command

[root@nginx nginx-1.12.2] # vim / PIDF= init. DGINGINGINIT.DGINGINGINGINTHBH # chkconfig:-99 2 steps description: Nginx Service Control ScriptPROG= "/ usr/local/nginx/sbin/nginx" PIDF= "/ usr/local/nginx/logs/nginx.pid" case "$1" in start) $PROG;; stop) kill-s QUIT $(cat $PIDF); restart) $0 stop $0 start;; reload) kill-s HUP $(cat $PIDF) *) echo "Usage: $0 {start | stop | restart | reload}" exit 1esacexit 0 [root@nginx nginx-1.12.2] # [root@nginx nginx-1.12.2] # chmod + x / etc/init.d/nginx / / add execution permission [root@nginx nginx-1.12.2] # chkconfig-- add nginx / / add so that service can recognize the nginx service [root@nginx nginx-1.12.2] # [root@nginx nginx- 1.12.2] # service nginx start / / enable the service [root@nginx nginx-1.12.2] # netstat-ntap | grep 80 / / View tcp80 port tcp 0 0 0.0 0. 0. 0. 0. 0. 0. 0. 0. 0. Systemctl stop * LISTEN 58696/nginx: master [root@nginx nginx-1.12.2] # [root@nginx nginx-1.12.2] # systemctl stop Firewalld.service / / turn off firewall [root@nginx nginx-1.12.2] # setenforce 0 [root@nginx nginx-1.12.2] # modify configuration file method 1. Check the IP address [root@localhost nginx-1.12.2] # ifconfig ens33: flags=4163 mtu 1500 inet 192.168.52.131 netmask 255.255.255.0 broadcast 192.168.52.255 inet6 fe80::8629:c3e2:139c:884a prefixlen 64 scopeid 0x20 ether 00:0c:29:7a:41:33 txqueuelen 1000 (Ethernet) RX packets 53364 bytes 74679913 (71.2 MiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 16068 bytes 1016893 (993.0 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 02. Check the version number [root@localhost nginx-1.12.2] # curl-I http://192.168.52.131/HTTP/1.1 200 OKServer: nginx/1.12.2 / / version number Date: Wed, 13 Nov 2019 07:10:22 GMTContent-Type: text/htmlContent-Length: 612Last-Modified: Wed, 13 Nov 2019 07:03:51 GMTConnection: keep-aliveETag: "5dcbaad7-2019" Accept-Ranges: bytes [root@localhost nginx-1.12.2] # 3. Modify the configuration file [root@localhost nginx-1.12.2] # vim / usr/local/nginx/conf/nginx.confhttp {include mime.types; default_type application/octet-stream; server_tokens off; / / add, turn off the version number display 4. Check the version number again [root@localhost nginx-1.12.2] # service nginx restart [root@localhost nginx-1.12.2] # curl-I http://192.168.52.131/HTTP/1.1 200 OKServer: nginx / / the version number no longer displays Date: Wed, 13 Nov 2019 07:15:09 GMTContent-Type: text/htmlContent-Length: 612Last-Modified: Wed 13 Nov 2019 07:03:51 GMTConnection: keep-aliveETag: "5dcbaad7-264" Accept-Ranges: bytes [root@localhost nginx-1.12.2] # modify source code method 1. Modify the configuration file [root@localhost nginx-1.12.2] # vim / usr/local/nginx/conf/nginx.confhttp {include mime.types; default_type application/octet-stream; server_tokens on; / / turn on version number display 2. Modified version number [root@localhost nginx-1.12.2] # vim src/core/nginx.h#define nginx_version 1012002#define NGINX_VERSION "1.1.1" / / modified version number is 1.1.1#define NGINX_VER "nginx/" NGINX_VERSION3. Reconfigure nginx service [root@localhost nginx-1.12.2] # lsauto CHANGES CHANGES.ru conf configure contrib html LICENSE man README src [root@localhost nginx-1.12.2] #. / configure\ >-- prefix=/usr/local/nginx\ >-- user=nginx\ >-- group=nginx\ >-- with-http_stub_status_module.// omits the configuration process 4. Recompile and install the nginx service [root@localhost nginx-1.12.2] # make & & make install.// omits the compilation process [root@localhost nginx-1.12.2] # 5. Start the service And check the version number [root@localhost nginx-1.12.2] # service nginx restart / / start the service [root@localhost nginx-1.12.2] # curl-I http://192.168.52.131/ View version HTTP/1.1 200 OKServer: nginx/1.1.1 / / version number camouflaged successfully Date: Wed, 13 Nov 2019 07:35:32 GMTContent-Type: text/htmlContent-Length: 612Last-Modified: Wed 13 Nov 2019 07:03:51 GMTConnection: keep-aliveETag: "5dcbaad7-264" Accept-Ranges: bytes

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.