I am not sure if this is the right sub, but yesterday I was having some issues with login with my user and was getting 403 error if I am not wrong and noticed that the NGINX version is exposed, which is a bad practice.

So if someone from the admins of Lemmy.world see this message, maybe they can change the NGINX config and hide the version flag by setting “server_tokens off;”.

  • s38b35M5@lemmy.world
    link
    fedilink
    arrow-up
    37
    arrow-down
    1
    ·
    edit-2
    1 year ago

    They likely won’t see this unless you tag them or cross post to [email protected]

    That said, I suspect the version is what’s standard in the docker image, so hidden or not, it’s easy to discover.

    Edit: on the other hand, does the latest nginx get pulled at time of creation?