99.9999% of issues on 80/443 are apps run on the server not webserver itself.

It is applications that you run on web server that are exploited.

So serving static pages is safest thing you can do.