Updating NGINX and making it more secure

  • Hello, I'd like to ask the devs to please make some improvements to NGINX in OMV (for WebGUI and the plugin).


    - Upgrade it's version to stable 1.21.1, for some reasons: security, optimizations and HTTP/2 feature
    - Hide nginx version (for security reasons) from probing. More details here: https://serverfault.com/questi…i-hide-all-server-os-info
    - Add some headers to WebGUI for security (Any header scan i.e. https://securityheaders.io will show the gaps)



    Most of the stuff above have simple solution: add lines inside nginx config files, or insert some headers in config.


    But all of them are important.

  • Upgrade it's version to stable 1.21.1, for some reasons: security, optimizations and HTTP/2 feature

    That won't happen, it would be a package to maintain. There is an underlying OS taking care of that. However there is nothing stopping you from building your own nginx package or binary.


    The other suggestions you can drop them at bugtracker, if the configurations are proven to work then why not?, or even better contribute, test and offload the main developer doing a PR at github.

  • But all of them are important.

    While I use it as a webserver as well, just try to remember that OMV was designed to be a NAS that is not exposed to the internet. Also, version number does not mean everything or that it is less secure. Security fixes are often backported in stable distros.

    omv 5.6.18 usul | 64 bit | 5.11 proxmox kernel | omvextrasorg 5.6.3 | kvm plugin 5.1.7
    omv-extras.org plugins source code and issue tracker - github


    Please read this before posting a question.
    Please don't PM for support... Too many PMs!

Participate now!

Don’t have an account yet? Register yourself now and be a part of our community!