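Preface:
As we know, Nginx by default exposes its version number in the response headers, which undoubtedly weakens the site's security, so we should turn it off.
It takes just one line:
server_tokens off;
Where to add it:
Set it in the main configuration file nginx.conf or in a virtual host's configuration file; configuring either one is enough.
Official documentation: http://nginx.org/en/docs/http/ngx_http_core_module.html#server_tokens
Examples:
Add it to the main configuration file nginx.conf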
[root@web01 conf]# cat /application/nginx/conf/nginx.conf
worker_processes 2;
error_log logs/error.log;
# Maximum number of open files for each Nginx worker process
worker_rlimit_nofile 65535;
user www www;
events {
    # Maximum number of client connections allowed per process
    worker_connections 20480;
}
http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout 65;
    # Access log format
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    # Virtual hosts
    include /application/nginx/conf/extra/www.conf;
    include /application/nginx/conf/extra/blog.conf;
    include /application/nginx/conf/extra/bbs.conf;
    include /application/nginx/conf/extra/edu.conf;
    include /application/nginx/conf/extra/phpmyadmin.conf;
    include /application/nginx/conf/extra/status.conf;
    # Hide the version number
    server_tokens off;
}
Add it to the virtual host's configuration file
[root@web01 conf]# cat /application/nginx/conf/extra/www.conf
server {
    listen 80;
    server_name www.abc.com;
    rewrite ^(.*)$ https://$host$1 permanent;
}
server {
    # "listen ... ssl" replaces the deprecated "ssl on;" directive
    listen 443 ssl;
    server_name www.abc.com;
    # HTTPS certificate
    ssl_certificate /application/nginx/conf/key/server.crt;
    ssl_certificate_key /application/nginx/conf/key/server.key;
    # Access log
    access_log logs/access_www.log main buffer=32k flush=5s;
    location / {
        root html/www;
        index index.php index.html index.htm;
    }
    # Hide the version number
    server_tokens off;
    # PHP handling
    location ~ .*\.(php|php5)?$ {
        root html/www;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        include fastcgi.conf;
    }
}
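To confirm the change after reloading Nginx, the check below (an added example, not part of the original post) scans a raw HTTP response for a version token in the two places server_tokens controls: the Server response header and the footer of the built-in error pages. The function names and the sample responses, including the version 1.18.0, are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: scan a raw HTTP response (headers + body) read from stdin for
# an nginx version token. Returns 0 if clean, 1 if a version is disclosed.
check_nginx_version_leak() {
    local resp server footer findings
    findings=0
    resp=$(tr -d '\r')    # HTTP lines end in CRLF; drop CR before matching

    # 1) Server header. Header names are case-insensitive, and only the header
    #    section (everything up to the first empty line) is searched.
    server=$(printf '%s\n' "$resp" | sed '/^$/q' | grep -i '^server:' | head -n 1)
    # With server_tokens off the header still reads "Server: nginx", so match
    # the version part, not the product name.
    if printf '%s\n' "$server" | grep -Eiq 'nginx/[0-9]+(\.[0-9]+)+'; then
        echo "LEAK header: $server"
        findings=1
    fi

    # 2) Built-in error pages repeat the token in their footer.
    footer=$(printf '%s\n' "$resp" |
        grep -Eio '<center>nginx/[0-9]+(\.[0-9]+)+</center>' | head -n 1)
    if [ -n "$footer" ]; then
        echo "LEAK error page: $footer"
        findings=1
    fi

    [ "$findings" -eq 0 ] && echo "OK: no nginx version in header or error page"
    return "$findings"
}

# Constructed sample responses (the version 1.18.0 is a made-up sample value).
sample_tokens_on() {
    printf 'HTTP/1.1 404 Not Found\r\nServer: nginx/1.18.0\r\n'
    printf 'Content-Type: text/html\r\n\r\n'
    printf '<html><body><center><h1>404 Not Found</h1></center>\r\n'
    printf '<hr><center>nginx/1.18.0</center>\r\n</body></html>\r\n'
}
sample_tokens_off() {
    printf 'HTTP/1.1 404 Not Found\r\nServer: nginx\r\n'
    printf 'Content-Type: text/html\r\n\r\n'
    printf '<html><body><center><h1>404 Not Found</h1></center>\r\n'
    printf '<hr><center>nginx</center>\r\n</body></html>\r\n'
}

sample_tokens_on  | check_nginx_version_leak || true
sample_tokens_off | check_nginx_version_leak
```

Against a live host, request a path that does not exist so the error page is checked as well: `curl -sik https://www.abc.com/nonexistent | check_nginx_version_leak`.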
References:
https://blog.51cto.com/13673885/2299757?source=dra
Copyright: soarli
Link to this article: https://blog.soarli.top/archives/61.html
When reposting, you must credit the source and include this notice.