Question

Is Nginx 1.18 Included in the LEMP image Secure?

I recently provisioned a droplet using DigitalOcean’s LEMP 43 image on the marketplace.

I noticed that the Nginx version is 1.18.0. According to the official Nginx site, this version is no longer supported. The only supported versions currently are 1.24 and 1.25. I’m not sure if DigitalOcean maintains and patches the 1.18.0 version somehow on their own (maybe using some PPA?).

So basically I’m trying to understand, am I secure using this v1.18.0 that came with the LEMP image, or should I be looking to manually upgrade?



KFSys
Site Moderator
February 5, 2024

Heya @geochanto,

As already mentioned, this is the default (latest) version provided by the default Ubuntu repositories.

You can try to update Nginx to 1.25 or 1.24 if you want, as explained below; however, I do believe that it shouldn’t be necessary. There are no active bugs or exploits for Nginx 1.18.

Bobby Iliev
Site Moderator
February 2, 2024

Hi there,

Yes, this is still the latest version available on the default Ubuntu repositories:

https://docs.nginx.com/nginx/admin-guide/installing-nginx/installing-nginx-open-source/#installing-prebuilt-ubuntu-packages

If you prefer to have v1.25 installed, what you could do is follow the steps from the above Nginx documentation, and install Nginx from the Official NGINX Repository rather than the default Ubuntu Repository.

  1. Install the prerequisites:

    sudo apt install curl gnupg2 ca-certificates lsb-release ubuntu-keyring
    
  2. Import an official nginx signing key so apt can verify the packages' authenticity. Fetch the key:

    curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor \
    | sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
    
  3. Verify that the downloaded file contains the proper key:

    gpg --dry-run --quiet --no-keyring --import --import-options import-show /usr/share/keyrings/nginx-archive-keyring.gpg
    

    The output should contain the full fingerprint 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 as follows:

    pub   rsa2048 2011-08-19 [SC] [expires: 2024-06-14]
      573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
    uid                      nginx signing key <signing-key@nginx.com>
    

    If the fingerprint is different, remove the file.

  4. To set up the apt repository for stable nginx packages, run the following command:

    echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
    http://nginx.org/packages/ubuntu `lsb_release -cs` nginx" \
        | sudo tee /etc/apt/sources.list.d/nginx.list
    

    If you would like to use mainline nginx packages, run the following command instead:

    echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
    http://nginx.org/packages/mainline/ubuntu `lsb_release -cs` nginx" \
        | sudo tee /etc/apt/sources.list.d/nginx.list
    
  5. Set up repository pinning to prefer our packages over distribution-provided ones:

    echo -e "Package: *\nPin: origin nginx.org\nPin: release o=nginx\nPin-Priority: 900\n" \
        | sudo tee /etc/apt/preferences.d/99nginx
    
  6. Install NGINX Open Source:

    sudo apt update
    sudo apt install nginx
    
  7. Start NGINX Open Source:

    sudo systemctl start nginx
    
  8. Verify that NGINX Open Source is up and running:

    curl -I 127.0.0.1
    HTTP/1.1 200 OK
    Server: nginx/1.25.1
    

Before the upgrade, it is always recommended to back up your Droplet.

If you wish, you could submit a feature request for the LEMP image on the Marketplace via this repository here:

https://github.com/digitalocean/droplet-1-clicks/issues

Best,

Bobby
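
The fingerprint comparison in step 3 can be scripted instead of read by eye. The following is an added example, not part of the original answer or of the nginx documentation; the function names are hypothetical, and the sample key listing is constructed so the parsing runs without gpg or network access.

```shell
#!/bin/sh
# Added example: automates the fingerprint check from step 3.
EXPECTED_FPR="573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62"  # value quoted in step 3

# Constructed sample of `gpg --with-colons` output (timestamps and the subkey
# are made up) so the parsing can be exercised without gpg or network access.
sample_colons() {
    cat <<'EOF'
pub:-:2048:1:ABF5BD827BD9BF62:1300000000:1700000000::-:::scSC:
fpr:::::::::573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62:
uid:-::::1300000000::::nginx signing key <signing-key@nginx.com>:
sub:-:2048:1:1111111111111111:1300000000::::::e:
fpr:::::::::1111111111111111111111111111111111111111:
EOF
}

# Print the fingerprint of each primary key: the first "fpr" record that
# follows a "pub" record, field 10. Subkey fingerprints are skipped.
primary_fprs() {
    awk -F: '$1 == "pub" { want = 1; next }
             $1 == "fpr" && want { print $10; want = 0 }'
}

# Succeed only if the expected fingerprint is present. Other primary keys are
# reported, because signed-by trusts every key stored in the keyring file.
check_fprs() {
    expected=$1
    found=1
    while read -r fpr; do
        if [ "$fpr" = "$expected" ]; then
            found=0
        else
            echo "additional primary key, review it: $fpr" >&2
        fi
    done
    return "$found"
}

# Check a keyring on disk using the gpg invocation from step 3 plus
# --with-colons for machine-readable output.
verify_keyring() {
    gpg --dry-run --quiet --no-keyring --import --import-options import-show \
        --with-colons "$1" 2>/dev/null | primary_fprs | check_fprs "$EXPECTED_FPR"
}

sample_colons | primary_fprs | check_fprs "$EXPECTED_FPR" \
    && echo "sample: expected nginx key present"
# On a real host: verify_keyring /usr/share/keyrings/nginx-archive-keyring.gpg \
#   || echo "fingerprint mismatch: remove the file, as step 3 says"
```

A non-zero exit status from `verify_keyring` means the expected fingerprint was not found, which is the case where step 3 says to remove the file.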
