@menel

That's true. I don't enable 443 on my #XMPP server, but have #nginx doing the #ALPN stuff. Another option is #sslh.

https://it-notes.dragas.net/2025/01/29/improving-snac-performance-with-nginx-proxy-cache/

http://mario.hopto.org/32191.html

#termux #nginx #bashblog

tldr; How common is it to find the software provided by the default Debian apt repo is out of date (maybe dangerously so) and you need to seek out a more secure version by setting apt to grab a different repo?

Long version:

OK, I have a sysadmin situation that I suspect may be fairly common, but it's the first time that I've encountered it because I'm new to all this:

* Host I'm operating is running Debian 12 Bookworm stable
* I updated my apt repo
* I installed nginx web server software from the default Debian apt repo
* Installed version of nginx is 1.22.1
* Shodan monitoring flags nginx 1.22.1 as end of life - (thank you @shodan)
* On investigation, nginx website shows a few known medium and low vulns in that version, and the latest mainline version of nginx is all the way up to 1.27.3 - so my current install is in fact five versions behind and very EOL
* obviously this is concerning because I don't want my server to get pwned
* nginx offers a way to update apt to point to their repo and pull the latest version (great service, thank you)

#sysadmin #homelab #nginx #debian #linux #infosec #cybersecurity #shodan