diff --git a/nixos/modules/services/monitoring/netdata.nix b/nixos/modules/services/monitoring/netdata.nix
index eefddf5a206b..edcaa10d969d 100644
--- a/nixos/modules/services/monitoring/netdata.nix
+++ b/nixos/modules/services/monitoring/netdata.nix
@@ -14,6 +14,10 @@ let
     global = {
       "plugins directory" = "${wrappedPlugins}/libexec/netdata/plugins.d ${pkgs.netdata}/libexec/netdata/plugins.d";
     };
+    web = {
+      "web files owner" = "root";
+      "web files group" = "root";
+    };
   };
   mkConfig = generators.toINI {} (recursiveUpdate localConfig cfg.config);
   configFile = pkgs.writeText "netdata.conf" (if cfg.configText != null then cfg.configText else mkConfig);
diff --git a/nixos/tests/netdata.nix b/nixos/tests/netdata.nix
index c56506ba2874..eb45db6f04c3 100644
--- a/nixos/tests/netdata.nix
+++ b/nixos/tests/netdata.nix
@@ -19,8 +19,12 @@ import ./make-test.nix ({ pkgs, ...} : {
     startAll;
 
     $netdata->waitForUnit("netdata.service");
-    # check if netdata can read disk ops for root owned processes. 
-    # if > 0, successful. verifies both netdata working and 
+
+    # check if the netdata main page loads.
+    $netdata->succeed("curl --fail http://localhost:19999/");
+
+    # check if netdata can read disk ops for root owned processes.
+    # if > 0, successful. verifies both netdata working and
     # apps.plugin has elevated capabilities.
     my $cmd = <<'CMD';
     curl -s http://localhost:19999/api/v1/data\?chart=users.pwrites | \
diff --git a/pkgs/tools/system/netdata/default.nix b/pkgs/tools/system/netdata/default.nix
index 7bb98e8e80c4..6f86647f4c70 100644
--- a/pkgs/tools/system/netdata/default.nix
+++ b/pkgs/tools/system/netdata/default.nix
@@ -1,22 +1,19 @@
 { stdenv, fetchFromGitHub, autoreconfHook, zlib, pkgconfig, libuuid }:
 
 stdenv.mkDerivation rec{
-  version = "1.9.0";
+  version = "1.10.0";
   name = "netdata-${version}";
 
   src = fetchFromGitHub {
     rev = "v${version}";
     owner = "firehol";
     repo = "netdata";
-    sha256 = "1vy0jz5lxw63b830l9jgf1qqhp41gzapyhdr5k1gwg3zghvlg10w";
+    sha256 = "02spfisabjkkgd9fairldlf84n83vbv2xafg0g5jrpfa972pjl9r";
   };
 
   nativeBuildInputs = [ autoreconfHook pkgconfig ];
   buildInputs = [ zlib libuuid ];
 
-  # Allow UI to load when running as non-root
-  patches = [ ./web_access.patch ];
-
   # Build will fail trying to create /var/{cache,lib,log}/netdata without this
   postPatch = ''
    sed -i '/dist_.*_DATA = \.keep/d' src/Makefile.am
diff --git a/pkgs/tools/system/netdata/web_access.patch b/pkgs/tools/system/netdata/web_access.patch
deleted file mode 100644
index ae4d29185de4..000000000000
--- a/pkgs/tools/system/netdata/web_access.patch
+++ /dev/null
@@ -1,20 +0,0 @@
---- a/src/web_client.c.orig
-+++ b/src/web_client.c
-@@ -302,7 +302,7 @@
-         buffer_strcat_htmlescape(w->response.data, webfilename);
-         return 404;
-     }
--
-+#if 0
-     // check if the file is owned by expected user
-     if(stat.st_uid != web_files_uid()) {
-         error("%llu: File '%s' is owned by user %u (expected user %u). Access Denied.", w->id, webfilename, stat.st_uid, web_files_uid());
-@@ -320,7 +320,7 @@
-         buffer_strcat_htmlescape(w->response.data, webfilename);
-         return 403;
-     }
--
-+#endif
-     if((stat.st_mode & S_IFMT) == S_IFDIR) {
-         snprintfz(webfilename, FILENAME_MAX, "%s/index.html", filename);
-         return mysendfile(w, webfilename);