Nginx安全&&调优
1、隐藏版本号
编译前修改源码(如果只是想隐藏版本号,在 nginx.conf 的 http 块中设置 server_tokens off; 即可,无需改源码;隐藏版本号只是减少信息泄露,不能代替及时升级打补丁)
[root@study nginx-1.16.1]# vim src/core/nginx.h
更改如下行即可
13 #define NGINX_VERSION "1.16.1"
14 #define NGINX_VER "nginx/" NGINX_VERSION
[root@study nginx-1.16.1]# vim src/http/ngx_http_header_filter_module.c
修改这一行 Server: 后的名称即可(注意:这个字符串只有在 server_tokens off; 时才会作为响应头输出;server_tokens 为 on 时输出的是上面的 NGINX_VER)
49 static u_char ngx_http_server_string[] = "Server: nginx" CRLF;
2、修改运行用户(让 worker 进程以不可登录的普通用户 nginx 运行;master 进程仍以 root 运行以便绑定 80 端口,见下面 lsof 输出)
[root@study ~]# vim /usr/local/nginx/conf/nginx.conf
user nginx;
[root@study ~]# useradd -M -s /sbin/nologin nginx
[root@study ~]# /usr/local/nginx/sbin/nginx -s reload
[root@study ~]# lsof -i :80
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
nginx 7890 root 6u IPv4 38505 0t0 TCP *:http (LISTEN)
nginx 7942 nginx 6u IPv4 38505 0t0 TCP *:http (LISTEN)
3、修改nginx worker进程个数(一般设置为CPU核心数或核心数x2;也可以写成 worker_processes auto; 由nginx按CPU核心数自动设置)
[root@study ~]# vim /usr/local/nginx/conf/nginx.conf
3 worker_processes 1;-->worker_processes 4;
[root@study ~]# /usr/local/nginx/sbin/nginx -s reload
[root@study ~]# lsof -i :80
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
nginx 7890 root 6u IPv4 38505 0t0 TCP *:http (LISTEN)
nginx 7947 nginx 6u IPv4 38505 0t0 TCP *:http (LISTEN)
nginx 7948 nginx 6u IPv4 38505 0t0 TCP *:http (LISTEN)
nginx 7949 nginx 6u IPv4 38505 0t0 TCP *:http (LISTEN)
nginx 7950 nginx 6u IPv4 38505 0t0 TCP *:http (LISTEN)
4、nginx最大打开的文件数
添加:
worker_rlimit_nofile 102400; # Maximum number of file descriptors a single nginx worker process may open.
events {
use epoll; # I/O multiplexing: select the epoll event method (Linux).
worker_connections 102400; # Maximum simultaneous connections per worker; cannot exceed the open-file limit set by worker_rlimit_nofile.
}
select,poll,epoll都是IO多路复用的机制。I/O多路复用就通过一种机制,可以监视