Package: nginx
Severity: normal
These two lines in `/etc/nginx/nginx.conf` are inconsistent (`*.conf`
vs. `*`):
> include /etc/nginx/conf.d/*.conf;
> include /etc/nginx/sites-enabled/*;
Since all exmples for `sites-enabled` are using `*.conf` filenames, I
was naturally assuming that only those get included.
Including *everything* could in fact be a security risk (e.g. temp files
created by editors).
So I'm suggesting to do just the same in `sites-enabled` as in `conf.d`,
and change the second line by default to:
> include /etc/nginx/sites-enabled/*.conf;
See also https://trac.nginx.org/nginx/ticket/2244 for an actual issue
that was caused by this.
--
Schöne Grüße
Thomas Landauer
