linuxserver / docker-bookstack

A Docker container for the BookStack documentation wiki
GNU General Public License v3.0

[Bug] X-Powered-By header is exposed #226

Closed mcujba closed 2 months ago

mcujba commented 2 months ago

Is there an existing issue for this?

Current Behavior

x-powered-by exposes the PHP version.

```
~ curl --head  https://bookstack.site.com
HTTP/2 302
date: Mon, 23 Sep 2024 10:38:02 GMT
content-type: text/html; charset=utf-8
location: https://bookstack.site.com/login
server: nginx
x-powered-by: PHP/8.3.1
cache-control: no-cache, no-store, private
```

Expected Behavior

Based on a security recommendation, this header needs to be removed.

Steps To Reproduce

~ curl --head  https://bookstack.site.com
**x-powered-by: PHP/8.3.10**

Environment

- Run on Amazon ECS
- How docker service was installed: Terraform deploy of the container definition

CPU architecture

x86-64

Docker creation

we use `lscr.io/linuxserver/bookstack:24.05.4` without modifications

Container logs

no anomalies

github-actions[bot] commented 2 months ago

Thanks for opening your first issue here! Be sure to follow the relevant issue templates, or risk having this issue marked as invalid.

github-actions[bot] commented 2 months ago

A human has marked this issue as invalid, this likely happened because the issue template was not used in the creation of the issue.

Roxedus commented 2 months ago

While this bug report is not properly filled in, you are free to edit the nginx configuration as you see fit; it is stored in persistent storage.

mcujba commented 2 months ago

Yes, I could do that. But I think it should already be in the registry image. It's a matter of security.

Roxedus commented 2 months ago

While the security aspect is present, we purposely follow the default config provided by Alpine https://git.alpinelinux.org/aports/tree/main/nginx/nginx.conf?h=3.20-stable, which again builds on the default Nginx config.

If this image was built to be directly exposed to the internet, it would have a hardened default, but as with any of our nginx-based images (excluding SWAG), this is not built to be directly exposed to the internet, but rather to sit behind a reverse proxy (in which you can strip both the server and x-powered-by header).

Shipping this change by default is out of scope of this image.
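The two placements discussed in this thread, as an added example that is not part of the linuxserver/docker-bookstack image or its shipped nginx config: (a) the in-container nginx site that fronts PHP-FPM, where the header can be hidden at the FastCGI boundary, and (b) a reverse proxy in front of the container, which is where the maintainer says the header should be stripped. Document root, upstream addresses, hostnames and listen ports are placeholders, not the image's actual values.

```nginx
# Added example (not the image's own config). All paths, ports and hostnames
# below are placeholders.

# (a) Inside the container: nginx in front of PHP-FPM.
# X-Powered-By is generated by PHP, so hide it where the FastCGI response
# is received.
server {
    listen 80;
    server_name _;
    root /placeholder/www/public;       # placeholder document root
    server_tokens off;                  # keeps "server: nginx" but drops the version string

    location ~ \.php$ {
        fastcgi_pass 127.0.0.1:9000;    # placeholder PHP-FPM address
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_hide_header X-Powered-By;   # header never reaches the client
    }
}

# (b) On the reverse proxy in front of the container: strip what the
# upstream sends, including its Server header.
server {
    listen 443 ssl;
    server_name bookstack.example.com;  # placeholder hostname
    # ssl_certificate / ssl_certificate_key omitted for brevity

    location / {
        proxy_pass http://127.0.0.1:6875;   # placeholder upstream (the container)
        proxy_hide_header X-Powered-By;
        proxy_hide_header Server;           # hides the upstream's Server header only
    }
}
```

Verify with the same `curl --head` call from the report: after either change the `x-powered-by` line should be gone. Two caveats: `proxy_hide_header Server` only removes the header the container sent, and the proxy's own nginx still emits `server: nginx` (stock nginx cannot remove its own Server header without a third-party module such as headers-more, and `server_tokens off` only removes the version). If you would rather stop the header at its source, setting `expose_php = Off` in the PHP ini applies to every request regardless of the web server in front of PHP-FPM.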