Remove port 80 from PMM NGINX config

Description

Hi,

Currently PMM serves incoming requests on ports 80 and 443 (secured).

This configuration contradicts OWASP-TOP10 "A02:2021 – Cryptographic Failures" https://owasp.org/Top10/A02_2021-Cryptographic_Failures/

OWASP provides a recommendation regarding this issue:

How to test

None

How to document

None

Activity

Naresh September 11, 2023 at 2:24 PM

Thanks for the update.

I thought it would affect existing running PMM servers, because we are using the command below to run the container. Here we are using the --publish 80:80 port.

docker run --detach --restart always --publish 80:80 --publish 443:443 --volumes-from pmm-data --name pmm-server percona/pmm-server:2
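
An added example (not part of the ticket or of PMM's own tooling) for checking whether a running container still publishes the plaintext port, as the `--publish 80:80` flag in the command above would cause. It parses the `container-port/proto -> host-address:host-port` lines that `docker port <container>` prints; the sample outputs are constructed, and the function names `plaintext_bindings` and `audit` are hypothetical.

```shell
#!/bin/sh
# List the host bindings that publish a given container TCP port.
# Input (stdin): `docker port <container>` output, one mapping per line,
# for example:  80/tcp -> 0.0.0.0:80
plaintext_bindings() {
    # $1 = container port to flag (defaults to 80, the plaintext HTTP port)
    awk -v port="${1:-80}" '
        $2 == "->" && $1 == (port "/tcp") { print $3 }
    '
}

# Constructed sample: a container started with
# --publish 80:80 --publish 443:443 (IPv4 and IPv6 bindings).
SAMPLE_BOTH='80/tcp -> 0.0.0.0:80
80/tcp -> [::]:80
443/tcp -> 0.0.0.0:443
443/tcp -> [::]:443'

# Constructed sample: a container started with --publish 443:443 only.
SAMPLE_TLS_ONLY='443/tcp -> 0.0.0.0:443
443/tcp -> [::]:443'

# Print a verdict; return 1 if any host binding maps to container port 80.
audit() {
    found=$(printf '%s\n' "$1" | plaintext_bindings 80)
    if [ -n "$found" ]; then
        printf 'port 80 published on: %s\n' "$(printf '%s' "$found" | tr '\n' ' ')"
        return 1
    fi
    printf 'only the TLS port is published\n'
    return 0
}

audit "$SAMPLE_BOTH" || true
audit "$SAMPLE_TLS_ONLY"
```

Against a live host, pipe real output instead of the samples: `docker port pmm-server | plaintext_bindings 80`.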

Roma Novikov September 11, 2023 at 1:48 PM

This will not be related to SSL. It's about PMM listening on port 80, as it's optional. The 443 is a must.

But an open 80 inside the PMM server (not exposed to the host machine) causes confusion, so we plan to remove it altogether.

Naresh September 7, 2023 at 2:16 PM

Does it affect individuals who don't have an SSL setup?

Roma Novikov July 17, 2023 at 12:52 PM

Currently, PMM is not exposing (by our instructions) the Docker port 80. So I'm decreasing the priority here. Moving this as a deprecation to pmm3 scope.

Aaditya Dubey July 17, 2023 at 9:04 AM

Hi,

Thank you for the report.

Details

Needs QA

Yes

Needs Doc

Yes

Created July 17, 2023 at 8:38 AM
Updated June 26, 2024 at 9:39 AM