在容器级别从应用程序中删除 Apache tomcat 版本

在容器级别从应用程序中删除 Apache tomcat 版本

我正在尝试GET向我的应用程序发送请求,如下所示:

Request
GET /c%3a%5cboot.ini HTTP/1.1
Host: myapp.io
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Cache-Control: no-cache
Cookie: appCookie=MH3.7.9823272323477.1639691466;
User-Agent: Mozilla/5.0 (Windows NT 10.0; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.39
45.0 Safari/537.36

响应是:

HTTP/1.1 400
Connection: keep-alive
Content-Length: 795
Content-Language: en
Content-Type: text/html; charset=utf-8
Date: Thu, 16 Dec 2021 21:51:50 GMT
<!doctype html><html lang="en"><head><title>HTTP Status 400 – Bad Request</title><style type="text/c
ss">body {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b {color:white;background-color:#525D76
;} h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black
;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 400
– Bad Request</h1><hr class="line" /><p><b>Type</b> Status Report</p><p><b>Message</b> Invalid URI
</p><p><b>Description</b> The server cannot or will not process the request due to something that is
perceived to be a client error (e.g., malformed request syntax, invalid request message framing, or
deceptive request routing).</p><hr class="line" /><h3>Apache Tomcat/8.5.68</h3></body></html>

从这个回应来看,有没有办法删除版本<h3>Apache Tomcat/8.5.68</h3>并将其显示<h3>Apache Tomcat</h3>在容器级别,因为这是一个安全问题。

我的Dockerfile样子是这样的:

FROM maven:3.6.3-jdk-11 as builder

COPY . .
RUN mvn clean package -Dapp.host=$MYAPP_HOST

FROM tomcat:8.5-jdk11
ENV TZ=America/New_York
RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone

COPY --from=builder ./target/app.war /usr/local/tomcat/webapps/ROOT.war
RUN mkdir /usr/local/tomcat/webapps/ROOT
RUN cp /usr/local/tomcat/webapps/ROOT.war /usr/local/tomcat/webapps/ROOT/ROOT.war
RUN cd /usr/local/tomcat/webapps/ROOT && jar xvf ROOT.war

RUN apt-get update && apt-get install -y nginx && mkdir /etc/nginx/certs
COPY proxy.conf /etc/nginx/
COPY vhosts.conf /etc/nginx/conf.d/

EXPOSE 443
RUN echo '#!/bin/bash\nnginx\ncatalina.sh run' > start-wrapper.sh && chmod +x start-wrapper.sh && mv start-wrapper.sh /usr/bin/
CMD ["start-wrapper.sh"]

可以在 docker 容器级别删除 Apache Tomcat 版本吗?

答案1

Apache 服务器的版本信息是在代码中定义的,而不是在配置或外部文件中。要更改它,您需要在进行更改后分叉存储库并构建您自己的版本。

相关内容