How to hide Nginx version number

　Recently I learned a new command curl, which has a parameter -I to check which server the website is using, for example:

zhangxiaoliudeMacBook-Pro-2:~ zhangxiaoliu$ curl -I http://nginx.org/
HTTP/1.1 200 OK
Server: nginx/1.9.8
Date: Fri, 18 Dec 2015 06:30:33 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 8347
Last-Modified: Wed, 09 Dec 2015 15:07:16 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "566843a4-209b"
Accept-Ranges: bytes

　You can see Nginx The official version currently in use is 1.9.8. Each version of nginx may have some vulnerabilities, so from a security perspective, hiding the version number is relatively safer!

Step 1: Modify the nginx configuration file

　vim /usr/local/nginx/conf/nginx.conf (The path of the configuration file is determined by the directory where nginx is installed. Everyone’s is different. Because some beginners do not If you understand it, just copy and paste it and execute it. The consequences will be serious. Don’t execute the command you don’t understand! ), add server_tokens off;

after tcp_nodelay on;

-fpm configuration file

　　The name of the php-fpm configuration file is fastcgi.conf or fcgi.conf, vim /usr/local/nginx/conf/fastcgi.conf (in the same directory as nginx.conf), use the vim command "

:/SERVER_SOFTWARE

", find: fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; remove "/$nginx_version".

　Step Three: Restart the nginx service

　　service nginx reload (reload non-stop service restart, or use /etc/init.d/nginx reload, /etc/init.d/ contains service startup scripts, which are shells Script),

Some people may say that instead of using service nginxd reload, whether to use nginxd or nginx depends on the name of the service startup script in /etc/init.d/

The above introduces how to hide the Nginx version number, including vulnerability aspects. I hope it will be helpful to friends who are interested in PHP tutorials. 🎜 🎜 🎜