Nginx DNS解析漏洞(CVE-2021-23017)
//
# Nginx DNS解析漏洞(CVE-2021-23017)
将 Nginx 升级到 1.20.1 及以上版本
把对应的包替换为 1.20.1
# 证书加密码
- ssh-keygen
ssh-keygen -p -f xxx.key
nginx加载的时候要输入刚刚设置的密码
- nginx安全协议TLS
listen 443 ssl;
client_max_body_size 0;
proxy_max_temp_file_size 0;
ssl_certificate ssl/yfklife.cn.crt;
ssl_certificate_key ssl/yfklife.cn.key;
ssl_session_timeout 10m;
ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_ciphers '!aNULL:!MD5:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-WITH-AES128-GCM-SHA256';
1
2
3
4
5
6
7
8
9
10
2
3
4
5
6
7
8
9
10
#
#下载deb包
wget https://mirrors.aliyun.com/ubuntu/pool/main/l/linux/linux-modules-extra-5.15.0-133-generic_5.15.0-133.144_amd64.deb
wget https://mirrors.aliyun.com/ubuntu/pool/main/l/linux/linux-modules-5.15.0-133-generic_5.15.0-133.144_amd64.deb
wget https://mirrors.aliyun.com/ubuntu/pool/main/l/linux/linux-headers-5.15.0-133_5.15.0-133.144_all.deb
wget https://mirrors.aliyun.com/ubuntu/pool/main/l/linux/linux-headers-5.15.0-133-generic_5.15.0-133.144_amd64.deb
#更新grub
update-grub
#重启服务器
reboot
1
2
3
4
5
6
7
8
9
10
11
12
2
3
4
5
6
7
8
9
10
11
12
//
如果此文章对您有帮助,点击 -->> 请博主喝咖啡 (opens new window)
上次更新: 2025/03/28, 13:42:54