release prebuilt package in apt repository about ngx_security_headers HOT 6 OPEN

I added this module in my own stack on http://deb.paranoid.nl/pages/nginx.html

from ngx_security_headers.

Hi @eilandert ,

Thank you for that. A bit an off-topic question, but have you seen any issue when you don't place the ModSecurity module's load_module as last in the configuration?

Asking because I see you added that note also, and I can't seem to reproduce #1 with the recent ModSecurity, and then it would be good to get rid of that note about having to load it last.

from ngx_security_headers.

Hi @dvershinin,

I haven't seen interactions with your module, but have in the past with other security modules. So when I checked your module it seemed only logical to add that note ;-)

from ngx_security_headers.

@dvershinin Just out of interest as this has been an open issue for a bit of time, is an apt repository something you would consider? I appreciate you seem to work with rpm based Linux distributions i.e. Redhat, CentOS, Fedora etc, but for those running Debian based distro's i.e. Ubuntu Server, an apt repository is certainly going to be useful to install as a package, much like the nginx extras package.

Compiling modules is fun and all, but maintaining and keep such updated is more painful. Less so when your NGINX version is fairly stable on the LTS branch, more of a problem when you have NGINX update more frequently or indeed the module itself.

from ngx_security_headers.

@jamesmacwhite apt repository is something planned, for sure. It is simply that existing RHEL RPM builds provided an easier way to expand to more RPM-based systems.

Now that the Fedora packages system is complete, the RPM repository covers most of the RPM userbase. So it is a good time to start with the deb packaging effort, which has a furthermore larger userbase...

The question is, whether to base the deb releases from nginx.org's packaging or nginx-extras, etc. of Ubuntu's own packaging efforts:

• If the module's deb package/repository targets nginx.org packaging conventions, it can be used without problems if nginx itself was installed from nginx.org repo;
• if it targets/is based on Ubuntu's own nginx packaging for nginx and modules, it will be incompatible with users of nginx.org repositories...

from ngx_security_headers.

That's good that it's potentially planned.

I prefer to not add loads of PPAs and repos unless necessary, I have installed nginx from Ubuntu's standard repos which is currently nginx 1.18 on 20.04.4 LTS, so a little behind, but LTS favouring more stable and longer term support anyway.

I understand the dilemma though.

from ngx_security_headers.