Method of hiding version number and web page cache time in nginx

Time:2021-1-18

Nginx Optimization — Hide version number and page cache time

Configure nginx to hide version number

In a production environment, the nginx version number should be hidden so that it does not leak information about security vulnerabilities.

View method

Use Fiddler to check the nginx version number on a Windows client

Use the "curl -I URL" command to check it on a CentOS system

Method of hiding version number in nginx

Modify the configuration file method

Modify the source code method

Modifying configuration file method

1. Set the value of the server_tokens option to off in the nginx configuration file


[[email protected] conf]# vim nginx.conf
.....
server_tokens off;
.....
[[email protected] conf]# nginx -t

2. Restart the service, visit the website and check with the curl -I command


[[email protected] conf]# service nginx restart
[[email protected] conf]# curl -I http://192.168.9.209/
HTTP/1.1 200 OK
Server: nginx

3. If the fastcgi_param SERVER_SOFTWARE option is configured for PHP, edit the php-fpm configuration file and change the value of fastcgi_param SERVER_SOFTWARE to


fastcgi_param SERVER_SOFTWARE nginx;

Modify the source code method

The nginx source file /usr/src/nginx-1.12.0/src/core/nginx.h contains the version information. It can be set to any value, and nginx then recompiled and installed, to hide the real version information

Example:

#define NGINX_VERSION "1.1.1"
//Change the version number to 1.1.1
#define NGINX_VER "IIS/"
//Change the software type to IIS

Restart the service, visit the website and check with the curl -I command

Modify nginx users and groups

The running nginx processes need a user and group account so that access control applies when they read the web site files

By default nginx uses the nobody user account and group account, which generally should be changed

Method of modification

Specify users and groups when compiling and installing
Modify the configuration file to specify users and groups

Modify configuration file to specify

1. Create a new user account, such as nginx

2. Modify the user option of the main configuration file and specify the user account

3. Restart nginx service to make the configuration effective

4. Use the ps aux command to view the nginx process information and verify the running user

Account change effect


[[email protected] conf]# vi nginx.conf
user nginx nginx;
[[email protected] conf]# service nginx restart
[[email protected] conf]# ps aux | grep nginx
root    130034 0.0 0.0 20220  620 ? Ss 19:41 0:00 nginx: master process /usr/local/sbin/nginx
nginx   130035 0.0 0.0 20664 1512 ? S  19:41 0:00 nginx: worker process

Configure nginx web page cache time

When nginx returns web page data to the client, it can set a cache time so that later requests for the same content are answered directly from the cache, which avoids repeated requests and speeds up access. The cache time is generally set for static web pages and not for dynamic web pages. On a Windows client, Fiddler can be used to view the web page cache time

Setting method

Modify the configuration file and add the expires parameter for specific content in the http section, the server section, or the location section

Examples

Modify the nginx configuration file and add the expires parameter in the location section


location ~ \.(gif|jpg|jpeg|png|bmp|ico)$ {
root html;
expires 1d;
}

Example demonstration of hiding version number

1、 Compile and install nginx service

Step 1: access the source packages shared from Windows and mount the share on Linux


[[email protected] ~]# smbclient -L //192.168.235.1
Enter SAMBA\root's password: 
Sharename    Type   Comment
---------    ----   -------
LNMP      Disk 

[[email protected] ~]# mkdir /abc
[[email protected] ~]# mount.cifs //192.168.235.1/LNMP /abc
Password for [email protected]//192.168.235.1/LNMP: 
[[email protected] ~]# ls /abc
Discuz_X3.4_SC_UTF8.zip  nginx-1.12.2.tar.gz
game.jpg          php-7.1.10.tar.bz2
mysql-boost-5.7.20.tar.gz php-7.1.20.tar.gz
nginx-1.12.0.tar.gz

Step 2: unzip the source code package


[[email protected] ~]# cd /abc
[[email protected] abc]# tar zxvf nginx-1.12.0.tar.gz -C /opt
[[email protected] abc]# ls /opt
nginx-1.12.0 rh

Step 3: download and install the packages needed for compiling

[[email protected] abc]# cd /opt
[[email protected] opt]# yum install -y \
> gcc \
//C language compiler
> gcc-c++ \
//C++ language compiler
> pcre-devel \
//PCRE regular expression library
> zlib-devel
//Compression function library

Step 4: create program users and configure nginx service related components

[[email protected] opt]# useradd -M -s /sbin/nologin nginx
//Create program user nginx and restrict it not to log in to the terminal
[[email protected] opt]# cd nginx-1.12.0/
[[email protected] nginx-1.12.0]# ./configure \      
//Configure nginx
> --prefix=/usr/local/nginx \    
//Specify the installation path            
> --user=nginx \
//Specify the user name
> --group=nginx \
//Specifies the group to which the user belongs
> --with-http_stub_status_module
//Installation status statistics module

Step 5: compile and install nginx


[[email protected] nginx-1.12.0]# make && make install

Step 6: optimize the nginx service startup and create a soft link for the command

[[email protected] nginx-1.12.0]# ln -s /usr/local/nginx/sbin/nginx /usr/local/sbin/
//Create a soft link so that nginx can be run as a system command
[[email protected] nginx-1.12.0]# systemctl stop firewalld.service
//Turn off the firewall
[[email protected] nginx-1.12.0]# setenforce 0
//Set SELinux to permissive mode
[[email protected] nginx-1.12.0]# nginx
//Enter nginx to start the service
[[email protected] nginx-1.12.0]# netstat -ntap | grep 80
//Check port 80 of the service; it shows that it is listening
tcp    0   0 0.0.0.0:80       0.0.0.0:*        LISTEN   7520/nginx: master

Step 7: manage the nginx service with systemctl

[[email protected] ~]# vim /lib/systemd/system/nginx.service    ##Create the unit file

[Unit]
Description=nginx
##Description
After=network.target
##Start after the network target
[Service]
Type=forking
##Background operation mode
PIDFile=/usr/local/nginx/logs/nginx.pid
##PID file location
ExecStart=/usr/local/nginx/sbin/nginx
##Start the service
ExecReload=/usr/bin/kill -s HUP $MAINPID
##Reload the configuration according to the PID
ExecStop=/usr/bin/kill -s QUIT $MAINPID
##Terminate the process according to the PID
PrivateTmp=true
[Install]
WantedBy=multi-user.target

[[email protected] ~]# chmod 754 /lib/systemd/system/nginx.service    ##Set execution permission
[[email protected] ~]# systemctl stop nginx.service     ##Shut down nginx
[[email protected] ~]# systemctl start nginx.service     ##Start nginx

2、 Modify configuration file to hide version number

Step 1: check the nginx version number by default

[[email protected] ~]# curl -I http://192.168.235.158   ##View version number
HTTP/1.1 200 OK
Server: nginx/1.12.0
##The visible version number is 1.12.0
Date: Wed, 13 Nov 2019 08:32:59 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Wed, 06 Nov 2019 01:53:19 GMT
Connection: keep-alive
ETag: "5dc2278f-264"
Accept-Ranges: bytes

Step 2: modify nginx.conf configuration file

[[email protected] ~]# vim /usr/local/nginx/conf/nginx.conf

http {
  include    mime.types;
  default_type application/octet-stream;
  server_tokens off;
##In the http section, add the server_tokens option and set its value to off

Step 3: verify that the nginx version number is hidden

[[email protected] ~]# systemctl stop nginx.service 
[[email protected] ~]# systemctl start nginx.service
[[email protected] ~]# curl -I http://192.168.235.158
HTTP/1.1 200 OK
Server: nginx
##The visible version number is hidden
Date: Wed, 13 Nov 2019 09:18:00 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Wed, 06 Nov 2019 01:53:19 GMT
Connection: keep-alive
ETag: "5dc2278f-264"
Accept-Ranges: bytes

3、 Modify the source code to hide the version number

Step 1: modify nginx.conf configuration file

[[email protected] ~]# vim /usr/local/nginx/conf/nginx.conf
...
 server_tokens on;
 ##Replace off with on

Step 2: modify the version information in the source code file nginx.h

[[email protected] ~]# vim /opt/nginx-1.12.0/src/core/nginx.h

#define NGINX_VERSION   "1.1.1"
##Change the version information to 1.1.1

Step 3: recompile nginx


[[email protected] ~]# cd /opt/nginx-1.12.0/
[[email protected] nginx-1.12.0]# ./configure \
> --prefix=/usr/local/nginx \
> --user=nginx \
> --group=nginx \
> --with-http_stub_status_module
[[email protected] nginx-1.12.0]# make && make install

Step 4: verify that the nginx version number is hidden

[[email protected] nginx-1.12.0]# curl -I http://192.168.235.158 
HTTP/1.1 200 OK
Server: nginx/1.1.1
##The visible version number has been successfully changed to 1.1.1
Date: Wed, 13 Nov 2019 10:20:23 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Wed, 06 Nov 2019 01:53:19 GMT
Connection: keep-alive
ETag: "5dc2278f-264"
Accept-Ranges: bytes
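
An added example (not part of the original article): a small shell check for the verification steps above. It reads response headers, such as the output of curl -sI, and lists any Server or X-Powered-By header that still carries a version number. The sample responses are constructed from the curl output shown above; the function names, the X-Powered-By check and the PHP sample are assumptions that go beyond what the article covers.

```shell
#!/bin/sh
# Added example (not from the original article): flag response headers
# that still disclose a software version.

# Reads raw response headers on stdin (for example from `curl -sI URL`) and
# prints every Server / X-Powered-By header whose value contains a version.
find_version_leaks() {
    tr -d '\r' | awk '
        {
            colon = index($0, ":")
            if (colon == 0) next                 # status line or blank line
            name  = tolower(substr($0, 1, colon - 1))
            value = substr($0, colon + 1)
            sub(/^[ \t]+/, "", value)
        }
        (name == "server" || name == "x-powered-by") && value ~ /[0-9]+\.[0-9]+/ {
            print name ": " value
        }
    '
}

# report LABEL: summarise the headers on stdin; returns 1 when a version leaks.
report() {
    leaks=$(find_version_leaks)
    if [ -n "$leaks" ]; then echo "$1: LEAK $leaks"; return 1; fi
    echo "$1: ok"
}

# Constructed samples, based on the curl output shown in the article.
sample_default()    { printf 'HTTP/1.1 200 OK\r\nServer: nginx/1.12.0\r\nContent-Type: text/html\r\n\r\n'; }
sample_tokens_off() { printf 'HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: text/html\r\n\r\n'; }
sample_rebuilt()    { printf 'HTTP/1.1 200 OK\r\nServer: nginx/1.1.1\r\nContent-Type: text/html\r\n\r\n'; }
# Assumed case: PHP answering behind nginx with its own version header.
sample_php()        { printf 'HTTP/1.1 200 OK\r\nServer: nginx\r\nX-Powered-By: PHP/7.1.10\r\n\r\n'; }

sample_default    | report "default build"      || true
sample_tokens_off | report "server_tokens off"  || true
sample_rebuilt    | report "edited nginx.h"     || true
sample_php        | report "php behind nginx"   || true
# Live use: curl -sI http://192.168.235.158 | report live
```

The rebuilt binary is still reported, because a version string edited in nginx.h looks the same on the wire as a real one. With server_tokens off the product name nginx remains visible, only the version is gone.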

Example demonstration of web page cache time

Step 1: copy the image to the site directory


[[email protected] nginx-1.12.0]# ls /abc
Discuz_X3.4_SC_UTF8.zip  nginx-1.12.2.tar.gz
game.jpg          php-7.1.10.tar.bz2
mysql-boost-5.7.20.tar.gz php-7.1.20.tar.gz
nginx-1.12.0.tar.gz
[[email protected] nginx-1.12.0]# cp /abc/game.jpg /usr/local/nginx/html/
[[email protected] nginx-1.12.0]# cd /usr/local/nginx/html/
[[email protected] html]# ls
50x.html game.jpg index.html

Step 2: modify nginx's index.html web page

[[email protected] html]# vim index.html

<h1>Welcome to nginx!</h1>
<img src="game.jpg"/>
##Add picture path under H1 tag

Step 3: modify the nginx.conf file

[[email protected] html]# vim /usr/local/nginx/conf/nginx.conf

user nginx nginx;
##Add this line on its own to specify user nginx and group nginx

 location ~ \.(gif|jpeg|jpg|ico|bmp|png)$ {
      root html;
      expires 1d;
      ##The above image types are cached for one day
    }

[[email protected] html]# systemctl stop nginx.service
[[email protected] html]# systemctl start nginx.service

Step 4: open a win10 virtual machine for verification

Install the fiddler.exe capture software on the client, then open a browser and visit the web page at 192.168.235.158
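
An added example (not part of the original article): the same verification done on the command line instead of in Fiddler. It converts the configured expires interval to seconds and compares it with the max-age that nginx sends in the Cache-Control header; the sample responses are constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original article): check the cache lifetime
# that nginx attaches to a response.

# Convert an nginx "expires" interval with a single unit (s, m, h, d) to seconds.
expires_to_seconds() {
    n=${1%[smhd]}
    case $n in ''|*[!0-9]*) return 1 ;; esac
    case $1 in
        *s) echo "$n" ;;
        *m) echo $((n * 60)) ;;
        *h) echo $((n * 3600)) ;;
        *d) echo $((n * 86400)) ;;
        *)  return 1 ;;
    esac
}

# Print the max-age from the Cache-Control header read on stdin, or "none".
cache_max_age() {
    tr -d '\r' | awk '
        { line = tolower($0) }
        line ~ /^cache-control:/ && match(line, /max-age=[0-9]+/) {
            print substr(line, RSTART + 8, RLENGTH - 8); found = 1; exit
        }
        END { if (!found) print "none" }
    '
}

# check_cache EXPECTED: EXPECTED is an expires interval such as 1d, or
# "none" for pages that must not get a cache lifetime (dynamic content).
check_cache() {
    got=$(cache_max_age)
    want=none
    if [ "$1" != none ]; then want=$(expires_to_seconds "$1") || return 2; fi
    [ "$got" = "$want" ]
}

# Constructed sample responses for the configuration above (expires 1d on images).
sample_image() {
    printf 'HTTP/1.1 200 OK\r\nContent-Type: image/jpeg\r\n'
    printf 'Expires: Thu, 14 Nov 2019 09:18:00 GMT\r\nCache-Control: max-age=86400\r\n\r\n'
}
sample_page() { printf 'HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n'; }

sample_image | check_cache 1d   && echo "game.jpg: max-age matches expires 1d"
sample_page  | check_cache none && echo "index.html: no cache lifetime"
# Live use: curl -sI http://192.168.235.158/game.jpg | check_cache 1d
```

Running the "none" check against dynamic or logged-in pages catches a location block that is too broad and lets browsers or proxies keep responses that should not be stored.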
