
@t-richards
Last active January 20, 2024 13:01
Anti-fingerprinting Configuration for NGINX
# $empty always expands to the empty string. Because it is a variable, a
# directive such as "ssl_certificate data:$empty;" is evaluated per
# connection rather than loaded from disk when the configuration is read.
map "" $empty {
    default "";
}

# Strip the Server response header entirely (server_tokens off would only
# hide the version number). more_clear_headers is provided by the
# headers-more module, which has to be installed and loaded.
# NOTE(review): this removes the header only; other tells, such as the
# bodies of nginx's built-in error pages, are not affected by it.
more_clear_headers 'Server';
# Catch-all virtual host: a client that does not ask for a configured
# server_name ends up here and gets neither a TLS handshake nor an HTTP
# response.
server {
    listen 443 ssl http2 default_server;

    # Refuse the TLS handshake, so no certificate (and no hostname inside
    # it) is shown to clients connecting by IP or with an unknown SNI name.
    ssl_reject_handshake on;

    # Note: Specifying certs/keys is optional for this default server block
    # as long as there is at least one other server block with valid certs.
    ssl_certificate data:$empty;
    ssl_certificate_key data:$empty;

    # Plain HTTP sent to the TLS port raises nginx's internal 497 status.
    # Route it to a named location that closes the connection instead of
    # returning the built-in "sent to HTTPS port" error page.
    error_page 497 = @empty_err;
    location @empty_err {
        return 444;
    }

    # 444 is nginx-specific: close the connection without any response.
    return 444;

    # NOTE(review): only the IPv4 wildcard socket on port 443 is covered.
    # Every other listen socket in use (for example [::]:443 or port 80)
    # needs its own default_server to get the same treatment.
}
# The actual site. Connections whose SNI name matches server_name are
# handled here; ssl_certificate, ssl_certificate_key and the rest of the
# site configuration go where the ellipsis is.
server {
    listen 443 ssl http2;
    server_name example.org;

    # ...
}
---
# Builds the image from the Dockerfile in this directory and runs NGINX with
# the anti-fingerprinting config mounted at /etc/nginx/http.d/default.conf.
version: '3.8'

services:
  web:
    build: .
    ports:
      # host 8443 -> container 443; quoted so YAML keeps it a string.
      # Published on all host interfaces; prefix a host address
      # (e.g. "127.0.0.1:8443:443") to keep a test instance local.
      - "8443:443"
    volumes:
      # Read-only bind mount: the container cannot modify the config file.
      - ./default.nginxconf:/etc/nginx/http.d/default.conf:ro
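# Minimal NGINX image with the headers-more module, used to try out the
# anti-fingerprinting configuration.
# NOTE(review): the tag is mutable; pin it by digest
# (alpine:3.16@sha256:<digest-placeholder>) for reproducible builds, and keep
# the base on a release that still receives security updates.
FROM alpine:3.16

# --no-cache fetches the package index on the fly and leaves no copy of it
# in the image layer.
# The access and error logs are symlinked to stdout/stderr so that
# `docker logs` captures them.
RUN set -ex; \
    apk add --no-cache nginx nginx-mod-http-headers-more; \
    ln -sf /dev/stdout /var/log/nginx/access.log; \
    ln -sf /dev/stderr /var/log/nginx/error.log

EXPOSE 443

# SIGQUIT asks nginx for a graceful shutdown.
STOPSIGNAL SIGQUIT

# Stay in the foreground so nginx is the container's main process.
CMD ["nginx", "-g", "daemon off;"]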