Atomicorp

We are running most Plesk servers with ASL with Apache only. We are considering switching to the default Apache+Nginx setup for some Plesk+ASL servers. Is there anything special we should take into consideration when switching to this setup on an ASL server? What is Atomicorps opinion about the security of the Nginx package that is provided by Plesk (sw-nginx-1.5.0-1.13060711.centos6.x86_64)?

Anyone care to share their experience (other Plesk users) or opinion (ASL/Scott)?

Well I think it has potential but it still needs some maturity. The waf implementation is starting to get there, but its still pretty rough (this is as much mod_security's fault as nginx's). Over all I put it below proftpd in terms of lack of trust.

I notice that the Plesk packages for Nginx are behind on security updates (1.5.0 on CentOS 6, 1.6.0 on CentOS 7).

Have you taken any measures against this?
Could you do something similar as with the psa-proftpd package?
Or would you say we should take this up with Plesk? We've already send them a message about this.

I think we could do updates for it just like wer'e doing with proftpd. Or at the very least do something like php panda where they could coexist.