Configure Nginx hidden version number

In the production environment, the version number of Nginx needs to be hidden to reduce security risks

View method

1. Use fiddler I to check the Nginx version number on the Windows client,
Use "curl-i web address" command to view in CentOS system

The method of hiding version number in Nginx

1. Modify profile method
2. Modify the source code law

Experiment

I. profile modification method
1. The value of the server? Tokens option in the configuration file of nginx is set to off

[root@www conf]# vim nginx.conf
.....
server_ tokens off;
.....
[root@www conf]# nginx -t

2. Restart the service, visit the website and use curl-i command to detect

[root@www conf]# service nginx restart
[root@www conf]# curl -1 http://192.1 68.9.209/
HTTP/1.1200 OK
Server: nginx

3. If the fastcgi param SERVER SOFTWARE option is configured in the php configuration file. Then edit the php FPM configuration file and change the value of fastcgi param SERVER SOFTWARE to

fastcgi_ param SERVER_ SOFTWARE nginx ;

II. Modify the source code law
In addition to hiding the version number, we can also give a wrong version number to those who intend to cheat, and modify the nginx.hwen file

[root@localhost nginx]# cd /opt/nginx-1.12.2/src/core/
Modify the source file nginx.h under this directory
[root@localhost core]# vim nginx.h 
#define NGINX_VERSION      "9.9.9"
    Modify camouflage version number

Recompile and install nginx

[root@localhost core]# cd /opt/nginx-1.12.2/
[root@localhost nginx-1.12.2]# ./configure \
--prefix=/usr/local/nginx \
--user=nginx \
--group=nginx
[root@localhost nginx-1.12.2]# Make & & make install / / recompile and install
[root@localhost nginx-1.12.2]# cd /usr/local/nginx/conf/
[root@localhost conf]# service nginx stop / / restart the service
[root@localhost conf]# service nginx start 

Check whether the camouflage is successful (make sure that the server_tokens on; in the main configuration file)

[root@localhost conf]# curl -I http://192.168.142.128
HTTP/1.1 200 OK
Server: nginx/9.9.9                      //Camouflage success
Date: Wed, 13 Nov 2019 08:38:17 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Wed, 13 Nov 2019 08:04:45 GMT
Connection: keep-alive
ETag: "5dcbb91d-264"
Accept-Ranges: bytes

nginx timeout management

In order to ensure the most effective use of resources and not be occupied by users who do not operate for a long time, it is necessary to manage the timeout.
1. Modify the main configuration file

[root@localhost conf]# pwd
/usr/local/nginx/conf
[root@localhost conf]# vim nginx.conf
//Find 'keepalive'u timeout', modify it and add it below
    keepalive_timeout  65 180;       #Before and after the server-side timeout, client-side timeout.
    client_header_timeout 80;         #Timeout waiting for client to send request header
    client_body_timeout 70;          #Timeout for client to send request body

[root@localhost conf]# service nginx stop 
[root@localhost conf]# service nginx start

nginx process management

1. Generally, by default, the running process of nginx is only 1

[root@localhost conf]# ps aux | grep nginx
root      43055  0.0  0.0  20540   608 ?        Ss   17:13   0:00 nginx: master process /usr/local/nginx/sbin/nginx     //Main process cannot be changed
nginx     43056  0.0  0.0  23064  1380 ?        S    17:13   0:00 nginx: worker process    //The working process can be changed manually according to the specific situation
root      43189  0.0  0.0 112728   968 pts/1    S+   17:25   0:00 grep --color=auto nginx

2. In order to provide servers with multi-core processors with higher processing efficiency, we need to modify the process (the experimental environment is the 2-core server)

[root@localhost conf]# pwd
/usr/local/nginx/conf
[root@localhost conf]# vim nginx.conf
//Search for 'worker' processes' and add
    worker_processes  2;          #Change to the same number of CPUs   
    worker_cpu_affinity 01 10;      #Set each process to be processed by different CPUs
[root@localhost conf]# service nginx stop       #Restart service
[root@localhost conf]# service nginx start

3. At this time, we will check the process of nginx again (there will be two working processes)

[root@localhost conf]# ps aux | grep nginx
root      43353  0.0  0.0  20540   604 ?        Ss   17:36   0:00 nginx: master process /usr/local/nginx/sbin/nginx
nginx     43354  0.0  0.0  23064  1372 ?        S    17:36   0:00 nginx: worker process
nginx     43355  0.0  0.0  23064  1364 ?        S    17:36   0:00 nginx: worker process
root      43367  0.0  0.0 112728   972 pts/1    S+   17:37   0:00 grep --color=auto nginx

Today's content is finished!!!