Shulou(Shulou.com)06/03 Report--

Configure Nginx Hidden version number

In a production environment, the version number of Nginx needs to be hidden to reduce security risks.

View method

1. Use the fiddler I tool to view the Nginx version number on the Windows client

Use the "curl-I URL" command in the CentOS system to view

The method of hiding version number in Nginx

1. The method of modifying configuration files

2. Modify the source code method

Experiment

I. the method of modifying configuration files

The value of the server_ tokens option in 1.Nginx 's configuration file is set to off

[root@www conf] # vim nginx.conf.server_ tokens off;. [root@www conf] # nginx-t

2. Restart the service, visit the website and use the curl-I command to detect

[root@www conf] # service nginx restart [root@www conf] # curl-1 http://192.1 68.9.209/HTTP/1.1200 OKServer: nginx

3. If the fastcgi param SERVER SOFTWARE option is configured in the php configuration file. Edit the php-fpm configuration file and change the value corresponding to fastcgi param SERVER SOFTWARE to

Fastcgi_ param SERVER_ SOFTWARE nginx

Second, modify the source code method

In addition to hiding the version number, we can also give the wrong version number to those who intend to go wrong and modify the nginx.hwen (disadvantage: nginx needs to be recompiled and installed)

[root@localhost nginx] # cd / opt/nginx-1.12.2/src/core/ modify the source file nginx.h [root@localhost core] # vim nginx.h # define NGINX_VERSION "9.9.9" modify the camouflage version number in this directory

Recompile and install nginx

[root@localhost core] # cd / opt/nginx-1.12.2/ [root@localhost nginx-1.12.2] #. / configure\-- prefix=/usr/local/nginx\-- user=nginx\-- group=nginx [root@localhost nginx-1.12.2] # make & & make install / / recompile and install [root@localhost nginx-1.12.2] # cd / usr/local/nginx/conf/ [root@localhost conf] # service nginx Stop / / restart the service [root@localhost conf] # service nginx start

Check to see if the camouflage is successful (make sure server_tokens on; is in the main configuration file)

[root@localhost conf] # curl-I http://192.168.142.128HTTP/1.1 200 OKServer: nginx/9.9.9 / / camouflage success Date: Wed, 13 Nov 2019 08:38:17 GMTContent-Type: text/htmlContent-Length: 612Last-Modified: Wed, 13 Nov 2019 08:04:45 GMTConnection: keep-aliveETag: "5dcbb91d-264" Accept-Ranges: bytesnginx timeout Management

In order to ensure the most effective use of resources, it is not occupied by users who do not operate for a long time, so it is necessary to manage the timeout.

1. Modify the main configuration file

[root@localhost conf] # pwd/usr/local/nginx/conf [root@localhost conf] # vim nginx.conf find 'keepalive_timeout', modification and add keepalive_timeout 65 180 below; # is the server timeout and client timeout, respectively. Client_header_timeout 80; # timeout waiting for the client to send the request header client_body_timeout 70; # client sending request body timeout [root@localhost conf] # service nginx stop [root@localhost conf] # service nginx startnginx process management

1. By default, the running process (worker_processes) of nginx is only 1

[root@localhost conf] # ps aux | grep nginxroot 43055 0.00.0 20540? Ss 17:13 0:00 nginx: master process / usr/local/nginx/sbin/nginx / / the main process is immutable nginx 43056 43056 23064 1380? S 17:13 0:00 nginx: worker process / / the worker process can be changed manually on a case-by-case basis. Root 43189 0.0 112728 968 pts/1 S + 17:25 0:00 grep-- color=auto nginx

2. In order to have higher processing efficiency for servers with multi-core processors, we need to modify the process (this experimental environment is a 2-core server).

[root@localhost conf] # pwd/usr/local/nginx/conf [root@localhost conf] # vim nginx.conf search 'worker_processes', and add worker_processes 2; # modified to the same number as cpu worker_cpu_affinity 01 10; # set each process to be handled by a different cpu [root@localhost conf] # service nginx stop # restart service [root@localhost conf] # service nginx start

3. At this point, we will once again check the process of nginx (there will be two working processes)

[root@localhost conf] # ps aux | grep nginxroot 43353 0.00.0 20540? Ss 17:36 0:00 nginx: master process / usr/local/nginx/sbin/nginxnginx 43354 0.0 0.0 23064 1372? S 17:36 0:00 nginx: worker processnginx 43355 0.0 0.0 23064 1364? S 17:36 0:00 nginx: worker processroot 43367 0.0 112728 972 pts/1 S + 17:37 0:00 grep-color=auto nginx is done for today!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.