soarli

Hiding the Nginx Version Number with server_tokens
2020/02/06


Preface:

By default, Nginx exposes its version number in the response headers. This undoubtedly lowers the site's security, so we should turn it off.

It takes just one line:

server_tokens off; 

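Where to add it:

Set it in the main configuration file nginx.conf or in a virtual host's configuration file; configuring it in either one is enough.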

Official documentation: http://nginx.org/en/docs/http/ngx_http_core_module.html#server_tokens

Example:

Adding it to the main configuration file nginx.conf:

[root@web01 conf]# cat /application/nginx/conf/nginx.conf
worker_processes  2;
error_log logs/error.log;
 
# Maximum number of open files for Nginx worker processes
worker_rlimit_nofile 65535;
 
user www www;
events {
    # Maximum number of client connections allowed per worker process
    worker_connections  20480;
}
http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;
    # Access log configuration
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
 
 
    # Virtual hosts
    include /application/nginx/conf/extra/www.conf;
    include /application/nginx/conf/extra/blog.conf;
    include /application/nginx/conf/extra/bbs.conf;
    include /application/nginx/conf/extra/edu.conf;
    include /application/nginx/conf/extra/phpmyadmin.conf;
    include /application/nginx/conf/extra/status.conf;
 
    # Hide the version number
    server_tokens off;
}

Adding it to a virtual host's configuration file:

[root@web01 conf]# cat /application/nginx/conf/extra/www.conf 
server {
    listen  80;
    server_name www.abc.com;
    rewrite ^(.*)$  https://$host$1 permanent;
}
server {
    listen       443 ssl;
    server_name  www.abc.com;
 
    # HTTPS certificate (the "ssl" listen parameter replaces the deprecated "ssl on;" directive)
    ssl_certificate /application/nginx/conf/key/server.crt;
    ssl_certificate_key /application/nginx/conf/key/server.key;
 
    # Access log
    access_log  logs/access_www.log  main buffer=32k flush=5s;
    location / {
        root   html/www;
        index  index.php index.html index.htm;
    }
    # Hide the version number
    server_tokens off;
    # PHP handling
    location ~ .*\.(php|php5)?$ {
        root html/www;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        include fastcgi.conf;
    }
}
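
The two placements shown above differ in scope: in the http block the setting is inherited by every virtual host, while in a single server block it covers only that host. The following is an added example (not from the original post) that resolves the effective value for each server block. It assumes the configuration is passed in as one already-merged text (include directives are not followed, so output such as that of `nginx -T` is the intended input); the function name, the sample configuration and the host blog.abc.com are constructed for illustration.

```python
import re

# Tokeniser for nginx configuration text: comments, quoted strings, punctuation, bare words.
TOKEN = re.compile(r'''#[^\n]*|"(?:\\.|[^"\\])*"|'(?:\\.|[^'\\])*'|[{};]|[^\s{};"'#][^\s{};]*''')

def effective_server_tokens(conf_text):
    """Map each server block's first server_name to its effective server_tokens value."""
    stack, words, servers = [], [], []
    for tok in TOKEN.findall(conf_text):
        if tok.startswith('#'):
            continue                      # comment
        if tok == '{':                    # block opens; words[0] is its kind (http, server, ...)
            stack.append({'kind': words[0] if words else '', 'tokens': None, 'name': '(unnamed)'})
            words = []
        elif tok == ';':                  # a simple directive ends
            if stack and len(words) > 1:
                if words[0] == 'server_tokens':
                    stack[-1]['tokens'] = words[1]
                elif words[0] == 'server_name':
                    stack[-1]['name'] = words[1]
            words = []
        elif tok == '}':                  # block closes
            block = stack.pop()
            if block['kind'] == 'server':
                # Keep references to the parent blocks: an http-level directive may
                # appear after this server block and still applies to it.
                servers.append((block, list(stack)))
            words = []
        else:
            words.append(tok)
    result = {}
    for block, parents in servers:
        inherited = next((p['tokens'] for p in reversed(parents) if p['tokens']), 'on')
        result[block['name']] = block['tokens'] or inherited   # nginx default is "on"
    return result

# Constructed sample: one virtual host sets the directive itself, the other has none.
SAMPLE = """
http {
    server { listen 80; server_name www.abc.com; server_tokens off; }
    server { listen 80; server_name blog.abc.com; }   # no directive of its own
}
"""

if __name__ == "__main__":
    for name, value in effective_server_tokens(SAMPLE).items():
        print(f"{name}: server_tokens {value}")
```

Only the http and server levels are resolved here, matching the two placements in this post; a location-level override is not reported.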

References:

https://blog.51cto.com/13673885/2299757?source=dra

Last modified: January 7, 2022, 06:07 PM
