Last active
January 20, 2024 13:01
-
-
Save t-richards/050ca6f92e2382b60b9600c9ab5e5e3d to your computer and use it in GitHub Desktop.
Anti-fingerprinting Configuration for NGINX
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
map "" $empty { | |
default ""; | |
} | |
# Forcibly turn off the server header. | |
more_clear_headers 'Server'; | |
# Default server that forcibly drops the connection | |
server { | |
listen 443 ssl http2 default_server; | |
# Don't accept the HTTPS handshake. | |
ssl_reject_handshake on; | |
ssl_certificate data:$empty; # Note: Specifying certs/keys is optional for this default server block | |
ssl_certificate_key data:$empty; # as long as there is at least one other server block with valid certs. | |
# Disable special HTTP->HTTPS error page. | |
error_page 497 = @empty_err; | |
location @empty_err { | |
return 444; | |
} | |
return 444; | |
} | |
# Real server here | |
server { | |
listen 443 ssl http2; | |
server_name example.org; | |
# ... | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
version: '3.8' | |
services: | |
web: | |
build: . | |
ports: | |
- "8443:443" | |
volumes: | |
- ./default.nginxconf:/etc/nginx/http.d/default.conf:ro |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
FROM alpine:3.16 | |
RUN set -ex; \ | |
apk add nginx nginx-mod-http-headers-more; \ | |
ln -sf /dev/stdout /var/log/nginx/access.log; \ | |
ln -sf /dev/stderr /var/log/nginx/error.log | |
EXPOSE 443 | |
STOPSIGNAL SIGQUIT | |
CMD ["nginx", "-g", "daemon off;"] |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment