Updating NGINX and making it more secure

  • Hello, I'd like to ask the devs to please make some improvements to NGINX in OMV (for WebGUI and the plugin).


    - Upgrade it's version to stable 1.21.1, for some reasons: security, optimizations and HTTP/2 feature
    - Hide nginx version (for security reasons) from probing. More details here: https://serverfault.com/questi…i-hide-all-server-os-info
    - Add some headers to WebGUI for security (Any header scan i.e. https://securityheaders.io will show the gaps)



    Most of the stuff above have simple solution: add lines inside nginx config files, or insert some headers in config.


    But all of them are important.

    • Offizieller Beitrag

    Upgrade it's version to stable 1.21.1, for some reasons: security, optimizations and HTTP/2 feature

    That won't happen, it would be a package to maintain. There is an underlying OS taking care of that. However there is nothing stopping you from building your own nginx package or binary.


    The other suggestions you can drop them at bugtracker, if the configurations are proven to work then why not?, or even better contribute, test and offload the main developer doing a PR at github.

    • Offizieller Beitrag

    But all of them are important.

    While I use it as a webserver as well, just try to remember that OMV was designed to be a NAS that is not exposed to the internet. Also, version number does not mean everything or that it is less secure. Security fixes are often backported in stable distros.

    omv 7.0.4-2 sandworm | 64 bit | 6.5 proxmox kernel

    plugins :: omvextrasorg 7.0 | kvm 7.0.10 | compose 7.1.2 | k8s 7.0-6 | cputemp 7.0 | mergerfs 7.0.3


    omv-extras.org plugins source code and issue tracker - github


    Please try ctrl-shift-R and read this before posting a question.

    Please put your OMV system details in your signature.
    Please don't PM for support... Too many PMs!

Jetzt mitmachen!

Sie haben noch kein Benutzerkonto auf unserer Seite? Registrieren Sie sich kostenlos und nehmen Sie an unserer Community teil!