Nginx 的漏洞扫描有很多整改项
资源下载地址:https://download.csdn.net/download/wangzhi291/89216805
资源里面需要conf/modules 需要上传 然后docker镜像文件 配置按下面的修改就行了
整改方法为增加 ngx_http_headers_more_filter_module模块
- include /usr/share/nginx/modules/*.conf;
- load_module modules/ngx_http_headers_more_filter_module.so;
-
-
-
- #下面增加
- http {
- log_format main '$remote_addr - $remote_user [$time_local] "$request" '
- '$status $body_bytes_sent "$http_referer" '
- '"$http_user_agent" "$http_x_forwarded_for"';
-
- access_log /var/log/nginx/access.log main;
- server_tokens off;
- more_clear_headers 'Server';
修复办法 增加配置 server 里面
- ssl_protocols TLSv1.2 TLSv1.3;
- ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384';
- ssl_prefer_server_ciphers on;