2017-10-19 05:26 CEST

View Issue Details Jump to Notes ]
IDProjectCategoryView StatusLast Update
0001798openmediavaultFeaturepublic2017-09-29 11:30
ReporterMathieuMD 
Assigned Tovotdev 
PrioritynormalSeverityminorReproducibilityN/A
StatusassignedResolutionopen 
Product VersionErasmus (3.x) 
Target VersionFixed in Version 
Summary0001798: Secure the WebUI by listening on a specific interface/address
DescriptionCurrent Nginx configuration generated by omv-mkconf is set to always listen on all available interfaces.

Allowing to restrict listening on a specific IP address could increase security.
Additional InformationOne of the four concerned blocs in /usr/share/openmediavault/mkconf/nginx.d/10webgui:
  -i "${ipv6enabled} = 0" \
    -v "concat(' listen ',port,';')" -n \

Which generates this line in /etc/nginx/sites-enabled/openmediavault-webgui:
listen 80;

Nginx "listen" directive doc:
http://nginx.org/en/docs/http/ngx_http_core_module.html#listen
TagsNo tags attached.
Product build3.0.86
Attached Files

-Relationships
+Relationships

-Notes

~0004947

raulfg3 (reporter)

+1 to this feature, not only increase security, is a must for use pihole and asing it to a cloned IP like is described here:

https://forum.openmediavault.org/index.php/Thread/18777-HOWTO-Install-Pi-Hole/?postID=152817#post152817


without this feature I need to corect by hand file /etc/nginx/sites-enabled/openmediavault-webgui and when done OMV say in webGUI that are pending settings to do, if I push "apply", changes are out, and same if I push "revert", so is a pain to configure in a working enviroment.
+Notes

-Issue History
Date Modified Username Field Change
2017-08-01 17:41 MathieuMD New Issue
2017-08-01 17:41 MathieuMD Status new => assigned
2017-08-01 17:41 MathieuMD Assigned To => votdev
2017-09-29 11:30 raulfg3 Note Added: 0004947
+Issue History