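Configuring Nginx to Hide Its Version Number
In a production environment, the Nginx version number should be hidden so that the server does not reveal which known vulnerabilities may affect it.
How to check the version
On a Windows client, use the Fiddler tool to view the Nginx version number
On CentOS, use the "curl -I URL" command
Ways to hide the Nginx version number
Editing the configuration file
Modifying the source code
Compiling and installing the nginx service
1. Share the toolkit directory from the host machine
2. Mount the toolkit on the Linux system through the Samba share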
- [[email protected] ~]# mkdir /mnt/tools
- [[email protected] ~]# smbclient -L //192.168.100.50/
- Enter SAMBA\root's password:
- OS=[Windows 10 Enterprise LTSC 2019 17763] Server=[Windows 10 Enterprise LTSC 2019 6.3]
- Sharename Type Comment
- --------- ---- -------
IPC$ IPC 远程 IPC
- share Disk
- tools Disk
- Users Disk
- Connection to 192.168.100.50 failed (Error NT_STATUS_RESOURCE_NAME_NOT_FOUND)
- NetBIOS over TCP disabled -- no workgroup available
- [[email protected] ~]# mount.cifs //192.168.100.50/tools /mnt/tools/
- Password for [email protected]//192.168.100.50/tools:
- [[email protected] ~]#
3. Extract the nginx source package into the "/opt/" directory
- [[email protected] ~]# cd /mnt/tools/
- [[email protected] tools]# ls
- awstats-7.6.tar.gz extundelete-0.2.4.tar.bz2 forbid.PNG jdk-8u191-Windows-x64.zip LAMP-C7 picture.jpg
- cronolog-1.6.2-14.el7.x86_64.rpm fiddler.exe intellijideahahau2018.rar john-1.8.0.tar.gz LNMP
- [[email protected] tools]# cd LNMP/
- [[email protected] LNMP]# ls
- Discuz_X3.4_SC_UTF8.zip MySQL-boost-5.7.20.tar.gz nginx-1.12.2.tar.gz PHP-7.1.10.tar.bz2 PHP-7.1.20.tar.gz
- [[email protected] LNMP]# tar zxvf nginx-1.12.2.tar.gz -C /opt/
- ...............// extraction output omitted
- [[email protected] LNMP]#
4. Install the packages needed for compilation
- [[email protected] ~]# yum install gcc gcc-c++ pcre-devel zlib-devel -y
- ...........// installation output omitted
- [[email protected] ~]#
5. Change to the nginx source directory and create an nginx user
- [[email protected] LNMP]# cd /opt/
- [[email protected] opt]# ls
- nginx-1.12.2 rh
- [[email protected] opt]# cd nginx-1.12.2/
- [[email protected] nginx-1.12.2]# ls
- auto CHANGES CHANGES.ru conf configure contrib html LICENSE man README src
- [[email protected] nginx-1.12.2]#
- [[email protected] nginx-1.12.2]# useradd -M -s /sbin/nologin nginx // -M: do not create a home directory
- [[email protected] nginx-1.12.2]# id nginx
- uid=1001(nginx) gid=1001(nginx) 组=1001(nginx)
- [[email protected] nginx-1.12.2]#
6. Configure the nginx service
- [[email protected] nginx-1.12.2]# ./configure \
- > --prefix=/usr/local/nginx \ // installation path
- > --user=nginx \ // owner: user the worker processes run as
- > --group=nginx \ // group the worker processes run as
- > --with-http_stub_status_module // enable the status statistics module
7. Compile and install the nginx service
- [[email protected] nginx-1.12.2]# make && make install
- ..........// build output omitted
- [[email protected] nginx-1.12.2]#
8. Create symbolic links to the nginx commands in a directory the system searches for commands
- [[email protected] nginx-1.12.2]# ln -s /usr/local/nginx/sbin/* /usr/local/sbin/ // create the symbolic links
- [[email protected] nginx-1.12.2]# nginx -t // test the configuration file
- nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
- nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
- [[email protected] nginx-1.12.2]#
9. Create an nginx service management script (either one will do)
Script 1: manage the service with the "systemctl" command
- [[email protected] nginx-1.12.2]# cd /lib/systemd/system
- [[email protected] system]# vim nginx.service
- [Unit]
- Description=nginx
- After=network.target
- [Service]
- Type=forking
- PIDFile=/usr/local/nginx/logs/nginx.pid
- ExecStart=/usr/local/nginx/sbin/nginx
- ExecReload=/usr/bin/kill -s HUP $MAINPID
- ExecStop=/usr/bin/kill -s QUIT $MAINPID
- PrivateTmp=true
- [Install]
- WantedBy=multi-user.target
- [[email protected] system]# chmod 754 nginx.service // add execute permission
- [[email protected] system]# systemctl start nginx.service // start the service
- [[email protected] system]# netstat -ntap | grep 80 // check TCP port 80
- tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 52924/nginx: master
- [[email protected] system]#
- [[email protected] system]# systemctl stop firewalld.service // stop the firewall
- [[email protected] system]# setenforce 0
- [[email protected] system]#
Script 2: manage the service with the "service" command
- [[email protected] nginx-1.12.2]# vim /etc/init.d/nginx
- #!/bin/bash
- # chkconfig: - 99 20
- # description: Nginx Service Control Script
- PROG="/usr/local/nginx/sbin/nginx"
- PIDF="/usr/local/nginx/logs/nginx.pid"
- case "$1" in
- start)
- $PROG
- ;;
- stop)
- kill -s QUIT $(cat $PIDF)
- ;;
- restart)
- $0 stop
- $0 start
- ;;
- reload)
- kill -s HUP $(cat $PIDF)
- ;;
- *)
- echo "Usage: $0 {start|stop|restart|reload}"
- exit 1
- esac
- exit 0
- [[email protected] nginx-1.12.2]#
- [[email protected] nginx-1.12.2]# chmod +x /etc/init.d/nginx // add execute permission
- [[email protected] nginx-1.12.2]# chkconfig --add nginx // register nginx so that service can recognize it
- [[email protected] nginx-1.12.2]#
- [[email protected] nginx-1.12.2]# service nginx start // start the service
- [[email protected] nginx-1.12.2]# netstat -ntap | grep 80 // check TCP port 80
- tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 58696/nginx: master
- [[email protected] nginx-1.12.2]#
- [[email protected] nginx-1.12.2]# systemctl stop firewalld.service // stop the firewall
- [[email protected] nginx-1.12.2]# setenforce 0
- [[email protected] nginx-1.12.2]#
Editing the configuration file
1. Check the IP address
- [[email protected] nginx-1.12.2]# ifconfig
- ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
- inet 192.168.52.131 netmask 255.255.255.0 broadcast 192.168.52.255
- inet6 fe80::8629:c3e2:139c:884a prefixlen 64 scopeid 0x20<link>
- ether 00:0c:29:7a:41:33 txqueuelen 1000 (Ethernet)
- RX packets 53364 bytes 74679913 (71.2 MiB)
- RX errors 0 dropped 0 overruns 0 frame 0
- TX packets 16068 bytes 1016893 (993.0 KiB)
- TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
2. Check the version number
- [[email protected] nginx-1.12.2]# curl -I http://192.168.52.131/
- HTTP/1.1 200 OK
- Server: nginx/1.12.2 // version number
- Date: Wed, 13 Nov 2019 07:10:22 GMT
- Content-Type: text/html
- Content-Length: 612
- Last-Modified: Wed, 13 Nov 2019 07:03:51 GMT
- Connection: keep-alive
- ETag: "5dcbaad7-264"
- Accept-Ranges: bytes
- [[email protected] nginx-1.12.2]#
3. Edit the configuration file
- [[email protected] nginx-1.12.2]# vim /usr/local/nginx/conf/nginx.conf
- http {
- include mime.types;
- default_type application/octet-stream;
- server_tokens off; # added: turns off version display
4. Check the version number again
- [[email protected] nginx-1.12.2]# service nginx restart
- [[email protected] nginx-1.12.2]# curl -I http://192.168.52.131/
- HTTP/1.1 200 OK
- Server: nginx // version number no longer shown
- Date: Wed, 13 Nov 2019 07:15:09 GMT
- Content-Type: text/html
- Content-Length: 612
- Last-Modified: Wed, 13 Nov 2019 07:03:51 GMT
- Connection: keep-alive
- ETag: "5dcbaad7-264"
- Accept-Ranges: bytes
- [[email protected] nginx-1.12.2]#
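To confirm that the change took effect everywhere, the check below (an added example, not part of the original article) scans a raw HTTP response for nginx version strings in both the Server header and the body, because nginx's default error pages print the same version string in their footer. The function name find_nginx_version and the sample responses are constructed for this example.

```shell
#!/bin/sh
# Added example: report nginx version strings exposed in an HTTP response.
# Input on stdin: raw response headers, optionally followed by a body,
# e.g. the output of: curl -si http://<host>/<some-missing-page>

# Prints one line per disclosed "nginx/x.y.z" token and where it was seen.
# Exit status: 0 = no version found, 1 = at least one version string found.
find_nginx_version() {
    awk '
        BEGIN { in_body = 0; found = 0 }
        { sub(/\r$/, "") }                        # tolerate CRLF line endings
        !in_body && $0 == "" { in_body = 1; next } # blank line ends the headers
        !in_body && tolower($0) ~ /^server:/ {     # header names are case-insensitive
            if (match($0, /nginx\/[0-9][0-9.]*/)) {
                print "header: " substr($0, RSTART, RLENGTH); found = 1
            }
            next
        }
        in_body && match($0, /nginx\/[0-9][0-9.]*/) {
            print "body: " substr($0, RSTART, RLENGTH); found = 1
        }
        END { exit found }
    '
}

# Constructed samples modelled on the curl output shown in the article.
sample_before() {   # server_tokens on
    printf 'HTTP/1.1 200 OK\r\nServer: nginx/1.12.2\r\nContent-Type: text/html\r\n\r\n'
}
sample_after() {    # server_tokens off
    printf 'HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: text/html\r\n\r\n'
}
sample_404() {      # constructed error page: the footer carries the version too
    printf 'HTTP/1.1 404 Not Found\r\nServer: nginx/1.12.2\r\n\r\n'
    printf '<hr><center>nginx/1.12.2</center>\r\n'
}

# Demo run over the constructed samples.
for s in sample_before sample_after sample_404; do
    echo "== $s"
    "$s" | find_nginx_version || echo "   -> version disclosed"
done
```

A version string set through the source-code method is still reported by this check, since it only looks for the "nginx/<digits>" pattern and cannot tell a real version from a substituted one.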
Modifying the source code
1. Edit the configuration file
- [[email protected] nginx-1.12.2]# vim /usr/local/nginx/conf/nginx.conf
- http {
- include mime.types;
- default_type application/octet-stream;
- server_tokens on; # turn version display on
2. Change the version number
- [[email protected] nginx-1.12.2]# vim src/core/nginx.h
- #define nginx_version 1012002
- #define NGINX_VERSION "1.1.1" // change the version number to 1.1.1
- #define NGINX_VER "nginx/" NGINX_VERSION
3. Reconfigure the nginx service
- [[email protected] nginx-1.12.2]# ls
- auto CHANGES CHANGES.ru conf configure contrib html LICENSE man README src
- [[email protected] nginx-1.12.2]# ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_stub_status_module
- ........// configuration output omitted
4. Recompile and reinstall the nginx service
- [[email protected] nginx-1.12.2]# make && make install
- .........// build output omitted
- [[email protected] nginx-1.12.2]#
5. Start the service and check the version number
- [[email protected] nginx-1.12.2]# service nginx restart // start the service
- [[email protected] nginx-1.12.2]# curl -I http://192.168.52.131/ // check the version
- HTTP/1.1 200 OK
- Server: nginx/1.1.1 // version number successfully disguised
- Date: Wed, 13 Nov 2019 07:35:32 GMT
- Content-Type: text/html
- Content-Length: 612
- Last-Modified: Wed, 13 Nov 2019 07:03:51 GMT
- Connection: keep-alive
- ETag: "5dcbaad7-264"
- Accept-Ranges: bytes
Source: http://www.bubuko.com/infodetail-3289673.html