nginx 版本升级

chenshiying007

已于 2022-12-01 14:02:47 修改

阅读量2.1k

点赞数

文章标签： nginx 运维

于 2021-08-31 10:49:01 首次发布

本文链接：https://blog.csdn.net/qq_27384769/article/details/120012566

版权

本文介绍了如何修复Nginx的安全漏洞，包括下载最新版本、备份配置、重新安装并隐藏版本号。同时，展示了如何修改错误页面默认提示，提高服务器安全性，并提供了配置示例，如调整worker进程数、设置最大打开文件数和隐藏HTTP响应头中的版本信息。

摘要由CSDN通过智能技术生成

最新版本下载

http://nginx.org/en/download.html

Nginx是美国Nginx公司的一款轻量级Web服务器/反向代理服务器及电子邮件（IMAP/POP3）代理服务器。
nginx存在安全漏洞，该漏洞源于一个离一错误在该漏洞允许远程攻击者可利用该漏洞在目标系统上执行任意代码。

厂商补丁:
目前厂商已发布升级补丁以修复漏洞，补丁获取链接：
https://www.nginx.com/blog/updating-nginx-dns-resolver-vulnerability-cve-2021-23017/

#备份配置
mkdir -p /home/soft/bak/nginx/
#rm -rf /home/soft/bak/nginx/*
cd /home/soft/bak/nginx/
cp /usr/local/nginx/sbin/nginx /home/soft/bak/nginx/
cp -r /usr/local/nginx/conf/nginx.conf /home/soft/bak/nginx/
cp -r /usr/local/nginx/conf/conf.d.start /home/soft/bak/nginx/
cp -r /usr/local/nginx/conf/conf.d.stop /home/soft/bak/nginx/


#查询nginx 安装配置
cd /usr/local/nginx/sbin

/usr/local/nginx/sbin/nginx -V



#重新安装
cd /usr/local/src/
tar -zxvf nginx-1.22.1.tar.gz

cd /usr/local/src/nginx-1.22.1


./configure --prefix=/usr/local/nginx  --with-http_stub_status_module --with-pcre --with-mail --with-stream --with-mail_ssl_module --with-http_ssl_module --with-openssl=../openssl-1.1.1d

make


/usr/local/nginx/sbin/nginx -s stop
\cp -rf /usr/local/src/nginx-1.22.1/objs/nginx /usr/local/nginx/sbin/nginx

/usr/local/nginx/sbin/nginx

隐藏版本号

server_tokens off

在主配置文件nginx.conf加入

worker_processes  2;
error_log logs/error.log;
 
#配置Nginx worker进程最大打开文件数
worker_rlimit_nofile 65535;
 
user www www;
events {
    #单个进程允许的客户端最大连接数
    worker_connections  20480;
}
http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;
    #访问日志配置
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
 
 
    #虚拟主机
    include /application/nginx/conf/extra/www.conf;
    include /application/nginx/conf/extra/blog.conf;
    include /application/nginx/conf/extra/bbs.conf;
    include /application/nginx/conf/extra/edu.conf;
    include /application/nginx/conf/extra/phpmyadmin.conf;
    include /application/nginx/conf/extra/status.conf;
 
    #隐藏版本号
    server_tokens off;
}

在虚拟主机的配置文件中添加

server {
    listen  80;
    server_name www.abc.com;
    rewrite ^(.*)$  https://$host$1 permanent;
}
server {
    listen       443;
    server_name  www.abc.com;
 
    #https证书
    ssl on;
    ssl_certificate /application/nginx/conf/key/server.crt;
    ssl_certificate_key /application/nginx/conf/key/server.key;
 
    #访问日志
    access_log  logs/access_www.log  main buffer=32k flush=5s;
    location / {
        root   html/www;
        index  index.php index.html index.htm;
    }
    #隐藏版本号
    server_tokens off;
    #php解析
    location ~ .*\.(php|php5)?$ {
        root html/www;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        include fastcgi.conf;
    }
}

修改错误页面默认提示


# 默认错误页面
cd /usr/local/nginx/html/

vim 50x.html
```
<!DOCTYPE html>
<html>
<head>
<title>Error</title>
<style>
    body {
        width: 35em;
        margin: 0 auto;
        font-family: Tahoma, Verdana, Arial, sans-serif;
    }
</style>
</head>
<body>
<h1>服务器报错</h1>
<p>抱歉，您正在查找的页面不可用，请于管理员联系</p>
</body>
</html>

```



vim index.html
```
<!DOCTYPE html>
<html>
<head>
<title>Welcome</title>
<style>
    body {
        width: 35em;
        margin: 0 auto;
        font-family: Tahoma, Verdana, Arial, sans-serif;
    }
</style>
</head>
<body>
<h1>首页</h1>


</body>
</html>
```