一些增加 Nginx 安全性的配置

防止 SSL 证书泄露域名（例如直接用 IP 或未配置的主机名访问 443 端口时，默认站点返回的证书会暴露域名）

# /etc/nginx/conf.d/default.conf
# Catch-all servers: they receive requests whose Host header / SNI name
# matches no other server block (for example, access by bare IP address).
server {
    listen 80 default_server;
    # "_" is only a placeholder name; this block is selected via default_server.
    server_name _;
    # Refuse every plain-HTTP request that lands here (nginx answers 403).
	deny all;
}

server {
    listen 443 ssl default_server;
    server_name _;
    # Abort the TLS handshake instead of presenting a certificate, so the
    # names in a real site's certificate are not disclosed to clients that
    # connect without a configured hostname. Requires nginx 1.19.4 or later;
    # no ssl_certificate is needed in this block.
    ssl_reject_handshake on;
}

禁止 Nginx 列出目录文件，隐藏版本号

# Add inside the http block of /etc/nginx/nginx.conf
# Do not generate directory listings for requests that map to a directory
# (off is also the default; stating it makes the intent explicit).
autoindex off;
# Omit the nginx version from error pages and the Server response header.
server_tokens off;

Docker compose

配置文件

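# Compose file for a single nginx container publishing ports 80 and 443.
version: "3"

services:
  nginx:
    # Floating tag: each pull may bring a different nginx release. Pin a
    # specific version tag or digest if reproducible deployments matter.
    image: nginx:alpine
    container_name: nginx
    restart: always
    networks:
      - nginx_net
    ports:
      - "80:80"
      - "443:443"
    volumes:
      # nginx only reads its configuration and certificates, so mount them
      # read-only: a compromised container then cannot rewrite the config or
      # replace the key material on the host through these mounts.
      - ./nginx.conf:/etc/nginx/nginx.conf:ro
      - ./conf.d:/etc/nginx/conf.d:ro
      - ./certs:/etc/nginx/certs:ro
      # Logs must stay writable.
      - ./logs:/var/log/nginx

networks:
  nginx_net:
    name: nginx_net
    driver: bridge
    ipam:
      config:
        # Fixed address range for the bridge network; it must not overlap
        # with other networks reachable from the host.
        - subnet: 172.20.0.0/16
          gateway: 172.20.0.1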

执行命令

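# Check the configuration inside the container first; reload only if the test passes.
docker exec -it nginx /usr/sbin/nginx -t && docker exec -it nginx /usr/sbin/nginx -s reload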