roots / trellis

WordPress LEMP stack with PHP 8.2, Composer, WP-CLI and more
https://roots.io/trellis/
MIT License

Nginx package up and security idea/package! #928

Closed partounian closed 6 years ago

partounian commented 6 years ago

Submit a feature request or bug report


What is the current behavior?

We use the official mainline nginx ppa.

What is the expected or desired behavior?

We should use ondrej's [mainline] nginx PPA as he recommends it.

Also, check out https://coreruleset.org/; it seems awesome and even has options for WP-specific rules. I think this would be cool to add as an optional tool; if not, then maybe I can create an Ansible package to install this.

swalkinshaw commented 6 years ago

Do we know why he recommends it?

I'm not sure it matters in our case since we're on Ubuntu 16.04 and using the official Nginx PPA for the "development" version.

partounian commented 6 years ago

He doesn't mention it, and I assume they're just built with newer OpenSSL versions with support for ALPN. But I haven't seen his reasoning.


--

Thank you, Patrick Artounian

partounian commented 6 years ago

But yes, it is possible it doesn't matter because we're on 16.04 + mainline nginx.


swalkinshaw commented 6 years ago

Yeah, as far as I know, that PPA was only needed in 14.04. We had looked at it before going to 16.04.
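
The ALPN question raised in this thread can be checked on a host instead of guessed: ALPN needs OpenSSL 1.0.2 or newer, and `nginx -V` reports which OpenSSL the binary was built with and is running with. The script below is an added example, not code from the thread or from Trellis; the function names and the sample `nginx -V` text are constructed for illustration.

```shell
#!/bin/sh
# ALPN needs OpenSSL 1.0.2 or newer. Decide from `nginx -V` text whether the
# nginx binary is linked against a new enough OpenSSL.

# Print the OpenSSL version nginx reports: the "running with" (runtime) one
# when present, otherwise the "built with" one. Prints nothing if neither.
openssl_version_from_nginx() {
    sed -n \
        -e 's/.*(running with OpenSSL \([0-9][0-9.]*[a-z]*\).*/\1/p' \
        -e 's/^built with OpenSSL \([0-9][0-9.]*[a-z]*\).*/\1/p' | head -n 1
}

# Read `nginx -V` text on stdin; print yes, no, or unknown.
supports_alpn() {
    ver=$(openssl_version_from_nginx)
    if [ -z "$ver" ]; then echo unknown; return 0; fi
    num=${ver%%[a-z]*}                 # strip letter suffix: 1.0.2g -> 1.0.2
    old_ifs=$IFS; IFS=.; set -- $num; IFS=$old_ifs
    major=${1:-0}; minor=${2:-0}; patch=${3:-0}
    if [ "$major" -gt 1 ] ||
       { [ "$major" -eq 1 ] && [ "$minor" -ge 1 ]; } ||
       { [ "$major" -eq 1 ] && [ "$minor" -eq 0 ] && [ "$patch" -ge 2 ]; }; then
        echo yes
    else
        echo no
    fi
}

# Constructed samples of `nginx -V` text (not captured from real hosts).
sample_old() {
    printf '%s\n' 'nginx version: nginx/1.13.7' \
        'built with OpenSSL 1.0.1f 6 Jan 2014' 'TLS SNI support enabled'
}
sample_new() {
    printf '%s\n' 'nginx version: nginx/1.13.7' \
        'built with OpenSSL 1.0.2g  1 Mar 2016' 'TLS SNI support enabled'
}
# Built against an old OpenSSL but loading a newer one at runtime.
sample_mixed() {
    printf '%s\n' 'nginx version: nginx/1.13.7' \
        'built with OpenSSL 1.0.1f 6 Jan 2014 (running with OpenSSL 1.0.2g  1 Mar 2016)'
}

for s in sample_old sample_new sample_mixed; do
    printf '%s: OpenSSL %s, ALPN %s\n' "$s" \
        "$($s | openssl_version_from_nginx)" "$($s | supports_alpn)"
done
# On a live host (nginx -V writes to stderr): nginx -V 2>&1 | supports_alpn
```

A build linked against something other than OpenSSL prints no matching line, so the check reports `unknown` rather than guessing.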