Commit graph

40 commits

Author SHA1 Message Date
ea77c68e16
bundles/nginx: hide content security headers coming from php 2023-09-02 20:49:05 +02:00
b01dcb0ff9
bundles/nginx: enable creating logs for debugging purposes 2023-09-01 05:53:37 +02:00
757e9e6bb8
bundles/nginx: add option to disable anon_timing log 2023-08-26 17:21:23 +02:00
Sophie Schiller
a8cf858d44 bundles/ntfy: first draft 2022-10-19 15:24:39 +02:00
aa5c7ff8b4
block access to the go /debug/pprof/ endpoint 2022-08-19 07:26:01 +02:00
56bafd73be
bundles/nginx: refine fastcgi config
Some checks failed
kunsi/bundlewrap/pipeline/head There was a failure building this commit
2022-03-05 18:55:51 +01:00
Sophie Schiller
481c1c85e5 bundle/nginx set instead of HTTPS 2021-09-14 20:23:01 +02:00
65462ca536
bundles/nginx: default redirect mode should be 308 2021-08-22 07:20:45 +02:00
Sophie Schiller
e8d1582ed4 bw/nginx i hate whitespace
All checks were successful
kunsi/bundlewrap/pipeline/head This commit looks good
kunsi/bundlewrap/pipeline/pr-main This commit looks good
2021-08-07 22:01:40 +02:00
Sophie Schiller
6e3603553f bw/nginx retab everything
Some checks failed
kunsi/bundlewrap/pipeline/head There was a failure building this commit
kunsi/bundlewrap/pipeline/pr-main There was a failure building this commit
2021-08-07 21:59:07 +02:00
Sophie Schiller
ab21983a4f bw/nginx add not found page and deployment of error pages
Some checks failed
kunsi/bundlewrap/pipeline/pr-main There was a failure building this commit
kunsi/bundlewrap/pipeline/head There was a failure building this commit
2021-08-07 21:52:39 +02:00
d9d98116e6
bundles/grafana: increase proxy_read_timeout for /api/ds/query
All checks were successful
kunsi/bundlewrap/pipeline/head This commit looks good
2021-08-07 20:02:57 +02:00
cbc0a1a927
nodes/htz.ex42-1048908: fix X-Forwarded-For header for matrix-media-repo
All checks were successful
bundlewrap/pipeline/head This commit looks good
2021-07-04 20:03:22 +02:00
b5ab21549d
bundles/nginx: rename 'proxy' metadata to 'locations', support more generic options, move extras files to metadata
All checks were successful
bundlewrap/pipeline/head This commit looks good
2021-07-04 19:28:03 +02:00
68e79b4883
bundles/nginx: only add well-known alias for vhosts which use letsencrypt 2021-07-01 16:04:46 +02:00
db83b1614b
bundles/nginx: add anonymous timing logging for http requests
All checks were successful
bundlewrap/pipeline/head This commit looks good
2021-06-05 15:53:02 +02:00
1fbc08f74b
bundles/nginx: add a default security.txt to all vhosts
All checks were successful
bundlewrap/pipeline/head This commit looks good
2021-06-03 18:57:25 +02:00
44d42de81c
bundles/nginx: only redirect to ssl for sites which actually have ssl enabled
All checks were successful
bundlewrap/pipeline/head This commit looks good
2021-04-25 09:20:16 +02:00
d98a1adfd9
bundles/ssl: support using a preexisting ssl certificate 2021-04-25 09:09:23 +02:00
6a88040826
bundles/nginx: disable Federated Learning of Cohorts for all hosts
All checks were successful
bundlewrap/pipeline/head This commit looks good
2021-04-16 18:36:50 +02:00
b52a196c73
bundles/nginx: add configuration option for client_max_body_size
All checks were successful
bundlewrap/pipeline/head This commit looks good
2021-03-30 21:26:25 +02:00
74d81eb7ba
bundles/nginx: support disabling ssl for each vhost individually
All checks were successful
bundlewrap/pipeline/head This commit looks good
2021-02-20 14:25:27 +01:00
2aaf7cf8f8
bundles/nginx: better ssl 2021-01-24 18:44:13 +01:00
11701a67c8
dns: deploy MTA-STS
All checks were successful
bundlewrap/pipeline/head This commit looks good
2020-11-11 11:41:06 +01:00
f8bc4b2ad9
bundles/php: introduce 2020-10-31 13:00:38 +01:00
e2d8923dee
bundles/nginx: use metadata reactor to determine index files 2020-10-31 10:41:48 +01:00
7ea85247e0
bundles/nginx: proxy is a dict now, add some more configuration options
All checks were successful
bundlewrap/pipeline/head This commit looks good
2020-09-22 18:39:38 +02:00
151d8e92c3
bundles/nginx: do not set X-Forwarded-Proto if https is disabled, do not use http2 without ssl 2020-09-20 15:46:39 +02:00
d6799088c4
bundles/nginx: add metadata option to disable https 2020-09-20 14:36:43 +02:00
8547948ce6
bundles/nginx: also set host header for proxy connections 2020-08-19 21:43:37 +02:00
d7862918a6
bundles/nginx: set default X-Frame-Options to SAMEORIGIN
All checks were successful
bundlewrap/pipeline/head This commit looks good
2020-08-18 15:07:43 +02:00
17828a29f8
bundles/nginx: fix hsts header
All checks were successful
bundlewrap/pipeline/head This commit looks good
2020-08-14 08:23:41 +02:00
7986f6ee7d
bundles/letsencrypt: remove ocsp stapling
All checks were successful
bundlewrap/pipeline/head This commit looks good
This causes problems with weechat and dovecot. Those certificates
are short-lived, so not having OCSP stapling is probably fine.
2020-07-26 18:48:37 +02:00
f7eb0cc150
bundles/{letsencrypt,nginx}: fix ocsp stapling
Some checks failed
bundlewrap/pipeline/head There was a failure building this commit
2020-07-19 12:10:19 +02:00
de632a7725
htz.ex42-1048908: add missing domains
Some checks failed
bundlewrap/pipeline/head There was a failure building this commit
2020-07-19 11:26:12 +02:00
94c2c644a6
bundles/nginx: support PHP 7.3 2020-07-19 11:09:53 +02:00
85b3adf671
add proxy feature to nginx 2020-06-01 11:31:13 +02:00
3523edbcb4
bundles/nginx: ensure we're doing letsencrypt, since we're enforcing ssl 2020-06-01 11:17:52 +02:00
36c8b90c4b
bundles/nginx: switch to TLS 1.2 and 1.3 only
Some checks failed
bundlewrap/pipeline/head There was a failure building this commit
2020-06-01 11:01:00 +02:00
c4330f866b
bundles/nginx: add deployment of vhost configs 2020-06-01 10:52:52 +02:00