Shulou(Shulou.com)06/01 Report--

This article will explain in detail how to hide the version number of Nginx. The editor thinks it is very practical, so I share it for you as a reference. I hope you can get something after reading this article.

Nginx Hidden version number

In a production environment, the version number of Nginx needs to be hidden to avoid disclosure of security vulnerabilities.

View method

Use the fiddler tool to view the Nginx version number on the Windows client

Use the "curl-I URL" command in the centos system to view

The method of hiding version number in Nginx

Modification of configuration file method

Modified source code method

First, install Nginx

1. Use remote sharing on Linux to get files and mount them to the mnt directory

[root@localhost ~] # smbclient-L / / 192.168.100.3 / # # remote share access Enter SAMBA\ root's password: Sharename Type Comment-LNMP-C7 Disk [root@localhost ~] # mount.cifs / / 192.168.100.3 LNMP- C7 / mnt # # Mount to / mnt directory

2. Decompress the source code package to / opt, and check

[root@localhost ~] # cd / mnt # # switch to the mount point directory [root@localhost mnt] # lsDiscuz_X3.4_SC_UTF8.zip nginx-1.12.2.tar.gzmysql-boost-5.7.20.tar.gz php-7.1.20.tar.gz [root@localhost mnt] # tar zxvf nginx-1.12.2.tar.gz-C / opt # # decompress the Nginx source code package to [root@localhost mnt] # cd / opt under / opt / # # switch to [root@localhost opt] # lsnginx-1.12.2 rh under the decompressed directory

3. Install the environment package needed for compilation

[root@localhost opt] # yum-y install\ gcc\ / / c language gcc-c++\ / / C++ language pcre-devel\ / / pcre language tool zlib-devel / / function library for data compression

4, create the program user nginx and compile Nginx

[root@localhost opt] # useradd-M-s / sbin/nologin nginx # # Creator user Security non-login status [root@localhost opt] # id nginxuid=1001 (nginx) gid=1001 (nginx) group = 1001 (nginx) [root@localhost opt] # cd nginx-1.12.0/ # # switch to the nginx directory [root@localhost nginx-1.12.0]. / configure\ # # configure nginx >-- prefix=/usr/local/nginx\ # # installation path >-- user=nginx\ # # user Name >-- group=nginx\ # # user group >-- with-http_stub_status_module # # status statistics module

5, compile and install

[root@localhost nginx-1.12.0] # make # # compile... [root@localhost nginx-1.12.0] # make install # # install... [root@localhost nginx] # ln-s / usr/local/nginx/sbin/nginx / usr/local/sbin/ # # create a soft connection to let the system recognize the nginx startup script

6. Make management scripts that are easy to use in service management.

[root@localhost nginx] # cd / etc/init.d/ # # switch to the startup configuration file directory [root@localhost init.d] # lsfunctions netconsole network README [root@localhost init.d] # vim nginx # # Edit startup script file #! / bin/bash# chkconfig:-99 20 # # comment Information # description: Nginx Service Control ScriptPROG= "/ usr/local/nginx/sbin/nginx" # # setting change Set the variable for the nginx command file PIDF= "/ usr/local/nginx/logs/nginx.pid" # # the PID file process number is 5346case "$1" in start) $PROG # # enable the service ; stop) kill-s QUIT $(cat $PIDF) # # disable the service;; restart) # # restart the service $0 stop $0 start Reload) # # reload service kill-s HUP $(cat $PIDF) *) # # incorrect input prompt echo "Usage: $0 {start | stop | restart | reload}" exit 1esacexit 0 [root@localhost init.d] # chmod + x / etc/init.d/nginx # # give startup script execution permission [root@localhost init.d] # chkconfig-- add nginx # # add to service Manager [root@localhost init.d] ] # service nginx stop # # you can use service to control nginx [root@localhost init.d] # service nginx start

Second, hide the version number

[root@localhost init.d] # curl-I http://192.168.13.140/ # # View Nginx information HTTP/1.1 200 OKServer: nginx/1.12.2 # # display version number Date: Tue, 12 Nov 2019 14:23:24 GMTContent-Type: text/htmlContent-Length: 612Last-Modified: Tue 12 Nov 2019 13:46:35 GMTConnection: keep-aliveETag: "5dcab7bb-264" Accept-Ranges: bytes [root@localhost init.d] # vim / usr/local/nginx/conf/nginx.conf # # modify the configuration file http {# # add include mime.types under http Default_type application/octet-stream; server_tokens off # # close version number [root@localhost init.d] # service nginx stop # # close service [root@localhost init.d] # service nginx start # # enable service [root@localhost init.d] # curl-I http://192.168.13.140/ # # View Nginx information HTTP/1.1 200 OK Server: nginx # # version number is hidden Date: Tue, 12 Nov 2019 14:22:00 GMTContent-Type: text/htmlContent-Length: 612Last-Modified: Tue 12 Nov 2019 13:46:35 GMTConnection: keep-aliveETag: "5dcab7bb-264" Accept-Ranges: bytes

Third, forge the version number (need to recompile and install, you can operate before compilation and installation)

1. Open the version number.

[root@localhost init.d] # vim / usr/local/nginx/conf/nginx.confhttp {include mime.types; default_type application/octet-stream; server_tokens on; # # Open version number

2. Modify the Nginx source package file

[root@localhost init.d] # cd / opt/nginx-1.12.2/src/core/ # # switch to the src source package directory [root@localhost core] # vim nginx.h # # modify the file # define NGINX_VERSION "1.1.1" # # where the version number falsely creates 1.1.1

3, recompile and install

[root@localhost core] # cd / opt/nginx-1.12.2/ # # change the directory to [root@localhost nginx-1.12.2] # / configure\ # # reconfigure >-- prefix=/usr/local/nginx\ >-- user=nginx\ >-- group=nginx\ >-- with-http_stub_status_module [root@localhost nginx-1.12.0] # make # # recompile. [root@localhost nginx-1. 12.0] # make install # # reinstall.

4. Restart the Nginx service to view the version information

[root@localhost nginx-1.12.2] # service nginx stop # # close [root@localhost nginx-1.12.2] # service nginx start # # turn on [root@localhost nginx-1.12.2] # curl-I http://192.168.13.140/ # # View Nginx information OK Server: nginx/1.1.1 # # the version number at this time is the forged version number Date: Tue 12 Nov 2019 14:34:02 GMTContent-Type: text/htmlContent-Length: 612Last-Modified: Tue, 12 Nov 2019 13:46:35 GMTConnection: keep-aliveETag: "5dcab7bb-264" Accept-Ranges: bytes

Nginx web page caching time

When Nginx returns the web page data to the client, the cache time can be set to facilitate direct return when making requests for the same content in the future, avoiding repeated requests and speeding up the access speed.

Generally, it is set for static web pages, but not for dynamic web pages.

You can use fiddler to view the page caching time in the Windows client

Setting method

You can modify the configuration file to add expiration parameters for specific content in the http section, or the server section, or the location section.

Experimental environment

One Nginx server

A testing machine win10

First, copy the picture to the site directory of Nginx

[root@localhost ~] # cd / mnt/ # # switch to mount point [root@localhost mnt] # ls11.jpg mysql-boost-5.7.20.tar.gz php-7.1.20.tar.gz22.jpg nginx-1.12.2.tar.gzDiscuz_X3.4_SC_UTF8.zip php-7.1.10.tar.bz2 [root@localhost mnt] # cp 11.jpg / usr/local/nginx/html/ # # Copy the picture to the site [root@localhost mnt] # cd / usr/local/nginx/html/ # # switch to [root@localhost html] # ls11.jpg 50x.html index.html under the site

Second, modify the web page information and add the picture to the index.html file

[root@localhost html] # vim index.html # # modify web page information Welcome to nginx!

# # adding images to web pages

Third, modify the configuration file information

[root@localhost html] # vim / usr/local/nginx/conf/nginx.conf # # modify configuration file events {worker_connections 1024;} user nginx nginx; # # modify Nginx user and group # deny access to .htaccess files, if Apache's document root # concurs with nginx's one # location ~\. (gif | jepg | jpg | bmp | png) ${# support image format root html; # # site expires 1D # # Cache for one day} [root@localhost html] # service nginx stop # # disable enabling service [root@localhost html] # service nginx start

Fourth, use fiddler to view the cache

Log cutting of Nginx

As the Nginx elapsed time, so did the logs. In order to easily grasp the running status of Nginx, you need to pay attention to the log files all the time.

Too large log files are a disaster for monitoring.

Cut log files regularly

Nginx itself does not have the function of log segmentation, but it can be automatically cut through the script of Nginx signal control function, and log cutting can be carried out periodically through the planned task of Linux.

1. Write a log split script file

[root@localhost ~] # vim fenge.sh # # script file #! / bin/bash#Filename:fenge.shd=$ (date-d "- 1 day"+% Y%m%d") # # shows the time of the day before logs_path= "/ var/log/nginx" # the path to split the log pid_path= "/ usr/local/nginx/logs/nginx.pid" # # pid [- d $logs | | mkdir-p $logs_path # # if there is no directory, create a directory mv / usr/local/nginx/logs/access.log ${logs_path} / test.com-access.log-$d## original log file generation to the new path kill-USR1 $(cat $pid_path) # # end regenerating the new pid file find $logs_path-mtime + 30 | xargs rm-rf # # Delete the log file 30 days ago [root@localhost ~] # Chmod + x fenge.sh # # give execution permission [root@localhost ~] #. / fenge.sh # # execute script file

2. View log segmentation

[root@localhost ~] # cd / var/log/nginx/ # # switch to [root@localhost nginx] # lstest.com-access.log-20191112 [root@localhost nginx] # date-s 2019-11-14 # # modify date tomorrow on Thursday, November 14, 2019, 00:00:00 CST [root@localhost nginx] # cd ~ [root@localhost ~] #. / fenge.sh # # re-execute the script [root] @ localhost ~] # cd / var/log/nginx/ [root@localhost nginx] # ls # # View the log file test.com-access.log-20191112 test.com-access.log-20191113

3. Set periodic scheduled tasks

[root@localhost nginx] # crontab-e # # Periodic Planning Task 0 1 * / opt/fenge.sh this is the end of the article on "how to hide your version number in Nginx". I hope the above content can be helpful to you so that you can learn more knowledge. if you think the article is good, please share it for more people to see.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.