How to disable Nginx test page in CentminMod

Share this post to your friends !

SystemMen - How to disable Nginx test page in CentminMod? By default, when you install CentminMod, it will create a Nginx test page.

When you access the server’s IP address on the browser, it will display the HTML test page of CentminMod.

Is this good? Let’s take a look.

how-to-disable-nginx-test-page-in-centminmod How to disable Nginx test page in CentminMod
Disable Nginx test page in CentminMod.

Why must disable Nginx test page in CentminMod?

With the experience of operating Linux server systems, I have worked with many different Linux systems.

To secure Linux servers, system administrators like me must hide information about the system. Make it hard to identify.

Hackers who want to attack a system will try to gather as much information about the target as possible.

And if you leave this page to Nginx test page, hackers can easily realize that you are using CentOS server and are using CentminMod to manage it. Hackers can rely on the vulnerabilities of CentminMod to exploit your server.

Therefore, we must disable it from the internet environment.

How to disable Nginx test page in CentminMod

First, you need to know where this page is configured in the server.

The Nginx test page is located in:

/usr/local/nginx/html/index.html

The vhost configuration file of test page in:

/usr/local/nginx/conf/conf.d/virtual.conf

After knowing where it is, we will now start the job.

Note: First, you need to create your website on CentminMod server first, use Let’s Encrypt as much as possible.

Next, we delete the virtual.conf configuration file.

rm -f /usr/local/nginx/conf/conf.d/virtual.conf

And then, create a file:

nano /usr/local/nginx/conf/conf.d/virtual.conf

With the following content:

server {
    listen 80 default_server;
    listen 443 ssl default_server;

    server_name _;
    ssl_certificate		/usr/local/nginx/conf/ssl/yourwebsite.com/yourwebsite.com.crt;
    ssl_certificate_key		/usr/local/nginx/conf/ssl/yourwebsite.com/yourwebsite.com.key;

    return 444;

    access_log		/var/log/nginx/localhost.access.log     combined buffer=256k flush=5m;
    error_log		/var/log/nginx/localhost.error.log	error;

    location /nginx_status {
        stub_status on;
        access_log   off;
        allow 127.0.0.1;
        #allow youripaddress;
        deny all;
    }
}

Look at the line return 444. Why is that?

I have encountered a case where a hacker took advantage of the vulnerability of server_name in web server Nginx to list the websites in that server.

Therefore, with the above configuration, if server_name is not configured in the CentminMod server. When accessing, you will get 444 code instead of randomly accessing the websites in the server.

And finally, you reload the Nginx configuration.

service nginx reload

Conclusion

Personally, I think you need to disable Nginx test page in CentminMod. This helps your server becomes safer against hackers. Try to hide your system as much as possible.

If you liked this article, then please subscribe to our YouTube Channel for more video tutorials. You can also find us on Twitter and Facebook.


Share this post to your friends !
If you appreciate what we share in this blog, you can support us by:
  1. Stay connected to: Facebook | Twitter | Google Plus | YouTube
  2. Subscribe email to recieve new posts from us: Sign up now.
  3. Start your own blog with SSD VPS - Free Let's Encrypt SSL ($2.5/month).
  4. Become a Supporter - Make a contribution via PayPal.
  5. Support us by purchasing Ribbon Lite Child theme being using on this website.

We are thankful for your support.

«« »»

Got something to say? Join the discussion

Please keep in mind that all comments are subject to our Comment Policy. Your email address will not be published.
This site uses Akismet to reduce spam. Learn how your comment data is processed.

2 Comments