Author Topic: How to update NGINX version to version 1.26.2  (Read 1036 times)

How to update NGINX version to version 1.26.2
« on: September 05, 2024, 05:26:39 PM »
I host a client's website on a dedicated server running CWP hosted at inmotionhosting.com. My client recently hired a cybersecurity company to check the security of their digital assets, which includes the website I host for them. The only issue flagged as HIGH in the report is the outdated version of NGINX, nginx-1.14.2, which I am using on the server. The remedy to this is to update to a more current version like nginx-1.26.2.

My host's advanced support reps tell me this is currently IMPOSSIBLE to achieve because CWP is yet to release an update for nginx above the currently installed version 1.14.2. They say any attempt to update it will break my server and thus we have to wait for an official update from CWP. This is what has brought me here. My question therefore is:

How can I update the version of NGINX to 1.26.2 without breaking my server?

I am in dire need of a solution, else I risk losing my client.

Re: How to update NGINX version to version 1.26.2
« Reply #1 on: September 05, 2024, 08:51:33 PM »
Are you running an EL8 release (AlmaLinux 8 or Rocky Linux 8)? [You should be...]
https://blog.alphagnu.com/update-nginx-to-latest-official-version-in-centos-8-el8-cwp/

How to update Nginx to latest stable version in CWP + AlmaLinux 8
« Reply #2 on: January 08, 2025, 01:48:39 PM »
I just want to fill in, I already updated nginx to the latest version on 4 servers and for those with CWP + AlmaLinux 8 the best solution is here:

https://www.alphagnu.com/topic/55-how-to-install-latest-stablemainline-nginx-in-cwp-centos-89-stream-almalinux-89-rockylinux-89/

First of all, I find these commands, to disable and remove the installed nginx, much more reliable:

Code: [Select]
sudo dnf module disable nginx -y
# Quote the glob so that dnf, not the shell, expands it
sudo dnf remove 'nginx*' -y

Second, nginx.repo is recommended for public servers to install nginx stable version not mainline because not all mainline updates are fully tested. That said, you can use the Yum Manager to edit the nginx.repo repository or the terminal:

Code: [Select]
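# Empty the repo file as root (a bare "sudo > file" redirects as the calling user and fails)
sudo truncate -s 0 /etc/yum.repos.d/nginx.repo
sudo nano /etc/yum.repos.d/nginx.repo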

And then add this repository for official stable version of nginx:

Code: [Select]
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true

Attention AlmaLinux users :o dnf and yum are not 100% the same thing. The dnf command is official in AlmaLinux and yes, compatibility with yum is kept for those who have transitioned from CentOS, but in a fresh install it is recommended to use dnf when processing installations or uninstalls for 100% compatibility with AlmaLinux and CentOS Web Panel.

So, to proceed with the installation of the latest stable version of nginx, run the commands:

Code: [Select]
sudo dnf install nginx -y
sudo systemctl enable nginx
sudo systemctl restart nginx

As a CWP client, you must rebuild the webserver after updating. It is advisable to make a backup of at least the configurations in /etc/nginx/nginx.conf, although 8) I recommend a more compact backup:

Code: [Select]
sudo cp -r /etc/nginx /etc/nginx.pre-upgrade

Want to know what vulnerabilities nginx 1.14.2 has? See them here:

https://www.cybersecurity-help.cz/vdb/nginx/nginx/1.14.2/

BONUS!

My version of nginx.conf optimized for 2025 with Nginx version 1.26.2 (more tweaks can be made, but these are safe and CWP compatible):

Code: [Select]
user nobody;
worker_processes auto;
#worker_rlimit_nofile    65535;
error_log               /var/log/nginx/error.log crit;
pid                     /var/run/nginx.pid;

events {
    worker_connections  1024;
    use                 epoll;
    multi_accept        on;
}

http {
    # Disable display of server information
    server_tokens off;

    # Include MIME types (do not add a duplicate)
    include mime.types;
    default_type application/octet-stream;

    # Timeout and buffer settings
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    client_header_timeout 3m;
    client_body_timeout 3m;
    client_max_body_size 256m;
    client_header_buffer_size 4k;
    client_body_buffer_size 256k;
    large_client_header_buffers 4 32k;
    send_timeout 3m;
    keepalive_timeout 60 60;
    reset_timedout_connection on;
    server_names_hash_max_size 1024;
    server_names_hash_bucket_size 1024;
    ignore_invalid_headers on;
    connection_pool_size 256;
    request_pool_size 4k;
    output_buffers 4 32k;
    postpone_output 1460;

    # GZIP compression
    gzip on;
    gzip_vary on;
    gzip_disable "msie6";
    gzip_proxied any;
    gzip_min_length 512;
    gzip_comp_level 6;
    gzip_buffers 8 64k;
    gzip_types text/plain text/xml text/css text/js application/x-javascript application/xml image/png image/x-icon image/gif image/jpeg image/svg+xml application/xml+rss text/javascript application/atom+xml application/javascript application/json application/x-font-ttf font/opentype;

    # SSL settings
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers EECDH+AESGCM:EECDH+aRSA+AESGCM:!RC4:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 1d;

    # Proxy settings
    proxy_redirect      off;
    proxy_set_header    Host            $host;
    proxy_set_header    X-Real-IP       $remote_addr;
    proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_pass_header   Set-Cookie;
    proxy_connect_timeout   300;
    proxy_send_timeout  300;
    proxy_read_timeout  300;
    proxy_buffers       32 4k;
    proxy_cache_path /var/cache/nginx levels=2 keys_zone=cache:10m inactive=60m max_size=512m;
    proxy_cache_key "$host$request_uri $cookie_user";
    proxy_temp_path  /var/cache/nginx/temp;
    proxy_ignore_headers Expires Cache-Control;
    proxy_cache_use_stale error timeout invalid_header http_502;
    proxy_cache_valid any 1d;

    # open_file_cache settings
    open_file_cache_valid 120s;
    open_file_cache_min_uses 2;
    open_file_cache_errors off;
    open_file_cache max=5000 inactive=30s;
    open_log_file_cache max=1024 inactive=30s min_uses=2;

    # Rate limiting for abusive requests
    limit_req_zone $binary_remote_addr zone=limit_zone:10m rate=10r/s;

    # Bypass the cache for logged-in WordPress users
    map $http_cookie $no_cache {
        default 0;
        ~SESS 1;
        ~wordpress_logged_in 1;
    }

    # Logs
    log_format  main    '$remote_addr - $remote_user [$time_local] $request '
                        '"$status" $body_bytes_sent "$http_referer" '
                        '"$http_user_agent" "$http_x_forwarded_for"';
    log_format  bytes   '$body_bytes_sent';
    #access_log          /var/log/nginx/access.log main;
    access_log off;

    # Include the additional configuration files
    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/cloudflare.inc;
}
« Last Edit: January 08, 2025, 02:15:08 PM by cbstudiomx »
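
An added example, not part of the post above and not CWP's or nginx's own tooling: a POSIX shell check that the nginx banner reports at least the target version and that the repo file from the post keeps signature checking on, fetches the key over HTTPS, stays on stable and sets module_hotfixes. The function names and the `TARGET` variable are assumptions made for this sketch, and the sample banner is constructed.

```shell
#!/bin/sh
# Added example: post-upgrade checks for the procedure in the post above.
# Function names and TARGET are assumptions made for this sketch.
TARGET=1.26.2

# Extract "1.26.2" from the line printed by `nginx -v` (it goes to stderr).
banner_version() {
    printf '%s\n' "$1" | sed -n 's|^nginx version: nginx/\([0-9][0-9.]*\).*|\1|p'
}

# True when dotted version $1 >= $2; sort -V orders 1.9 before 1.14.
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# Print the value of KEY in a .repo file (the last assignment wins).
repo_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# Print one finding per line; return non-zero if any finding was printed.
audit_repo() {
    bad=0
    [ "$(repo_value "$1" gpgcheck)" = 1 ] ||
        { echo "gpgcheck is not 1: packages are installed unverified"; bad=1; }
    case "$(repo_value "$1" gpgkey)" in
        https://*) ;;
        *) echo "gpgkey is not fetched over https"; bad=1 ;;
    esac
    case "$(repo_value "$1" baseurl)" in
        */mainline/*) echo "baseurl points at mainline, not stable"; bad=1 ;;
    esac
    case "$(repo_value "$1" module_hotfixes)" in
        true|1) ;;
        *) echo "module_hotfixes is off: EL8 module filtering may hide this repo's nginx"; bad=1 ;;
    esac
    return "$bad"
}

# Constructed sample: the banner of the version the scan flagged.
old='nginx version: nginx/1.14.2'
version_ge "$(banner_version "$old")" "$TARGET" || echo "1.14.2 is below $TARGET"

# On the server (not run here):
#   version_ge "$(banner_version "$(nginx -v 2>&1)")" "$TARGET" &&
#       audit_repo /etc/yum.repos.d/nginx.repo && sudo nginx -t
```

An unparseable banner yields an empty version, which compares as below the target, so the check fails closed.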

Re: How to update NGINX version to version 1.26.2
« Reply #3 on: January 08, 2025, 04:01:28 PM »
Thanks, that's great! You should contribute more!

Re: How to update NGINX version to version 1.26.2
« Reply #4 on: January 09, 2025, 10:06:42 PM »
Thanks, that's great! You should contribute more!

In fact, know that this is also my thought since the beginning of the year. I have been here in the community for many years and I have not contributed from my experience, until now. Think about it, I'm a fan of CWP after getting fed up with cPanel/WHM, and because all the hosting companies in my country promote them, but also because their license costs don't justify sacrificing the resources of a machine for a control panel + other reasons. I'm not even talking about the others with similar tools. CWP has something special and it pleases me!

The community should relax, I'm here too from now on and I'm going to contribute everywhere.  8)

Have you seen how many unanswered topics are on here? You don't know how many times I couldn't find any solution here or anywhere online and solved the problem myself.

Man, we almost have an open source control panel here. We help each other! There is no such thing in the official competition forums! They get official help. Here... they are too busy to offer something like that (or unprofessional?)...

Respect @Sandeep !    ::)