1 前言

一个问题，一篇文章，一出故事。
最近外部的安全扫描发现我们一个站点对外宣告Nginx的版本号，于是我们需要修改参数隐藏Nginx的版本号。

Server information header exposed
www.cmdschool.org:80
Exposing information about the server version increases the ability of attackers to exploit certain vulnerabilities. The website configuration should be
changed to prevent version information being revealed in the 'server' header.
Expected Headers > server: [does not contain version number]
Actual nginx/1.26.0
First
detected
Jun 3, 2024

2 最佳实践

2.1 安装运行环境

vim /etc/nginx/nginx.conf

修改如下参数，

http {
    #...
    server_tokens off;
    #...
}

2.2 重载服务使配置生效

systemctl reload nginx