Commit Graph

469 Commits

Author SHA1 Message Date
Daniel Marquard 5525eebf2b Removed "includeSubDomains"
As a best practice, Nginx should only direct clients to use the certificate on specified domains. This is because not all servers using other subdomains necessarily listen on 443 and because, unless it is a wildcard certificate, it likely won't be valid on subdomains other than WWW.
2014-10-14 00:16:22 -04:00
Andy Dawson 4ec8f51276 Merge pull request #59 from NotBobTheBuilder/master
Enable IPv6 listening
2014-10-01 12:10:40 +02:00
AD7six 537c939e72 Use a more conventional location for sites
it's more common (at meast IME) to use /var/www/example.com rather than
creating a new root folder `sites` to put apps in.
2014-10-01 10:03:49 +00:00
Andy Dawson c0fbc4fd11 Merge pull request #66 from philippbecker/patch-1
Fix typo in `getting-started.md`
2014-10-01 10:59:32 +02:00
Philipp Becker 4617fd2e18 Fix typo in `getting-started.md`
User and group name should be separated by a space character.
Otherwise, only one value `www-data-www-data` is passed:

"If group is omitted, a group whose name equals that of user is used."
2014-09-30 11:46:34 +02:00
Przemek Matylla f9b58cd883 Add configs for WOFF 2.0 font files (`.woff2`)
Ref: http://www.w3.org/TR/WOFF2/
     h5bp/server-configs-apache#32

Close: h5bp/server-configs-nginx#54
2014-09-03 15:31:25 +03:00
Matthew Haughton b75cbfdafe Remove Chrome Frame related comment
Fix h5bp/server-configs-nginx#30
Close h5bp/server-configs-nginx#62
2014-09-03 15:16:05 +03:00
Jack Wearden 0ccf9b03cb IPv6 only is the default 2014-08-21 00:32:02 +01:00
Jack Wearden 264738a043 IPv6 only is the default 2014-08-21 00:31:37 +01:00
Jack Wearden 9326c69219 IPv6 support 2014-08-20 23:55:04 +01:00
Jack Wearden 2ac65dbb5d IPv6 support 2014-08-20 23:54:07 +01:00
Andy Dawson 3db5d61f81 Merge pull request #55 from cannie/patch-1
Use relative path for mime.types
2014-08-13 16:23:27 +02:00
Andy Dawson 52ccc699a8 Merge pull request #50 from drewhammond/gzip_http_version
Remove gzip_http_version parameter
2014-08-13 16:22:47 +02:00
Andy Dawson 069dd1480c Merge pull request #53 from giggsey/patch-1
Fix 'directive' typo in example ssl config
2014-08-13 16:21:52 +02:00
Vladimir Sazhin a83dd2d119 Use relative path for mime.types 2014-08-13 15:00:14 +04:00
Joshua Gigg bf68202033 Fix 'directive' typo
Spotted by @honi in #51
2014-08-12 14:03:13 +01:00
Cătălin Mariș 8510caa5c6 Add missing semicolons in `ssl.example.com`
Close h5bp/server-configs-nginx#52.
2014-08-07 15:01:30 +03:00
Drew Hammond d8891a1b4c Remove gzip_http_version parameter
The gzip_http_version override is no longer needed because CloudFront
now forwards requests using HTTP/1.1. We can remove this line entirely
and let nginx use its default value of 1.1.
2014-07-31 22:48:09 -04:00
AD7six fc610f495a Merge branch 'feature/split-ssl'
Add ssl config from istlsfastyet.com

Some doc changes needed, but this includes all of the config changes

Closes #44
2014-07-28 15:01:30 +00:00
AD7six 332998a2db use a much longer ssl_session_timeout
To match the settiongs from istlsfastyet.com

Add a mention of ssl_buffer_size even though it can 't be enabled yet
2014-07-28 14:56:27 +00:00
AD7six aac9d71d54 add ssl example site
ensure to avoid any use of if as that's "extremely inefficient" and
eliminate redirects where possible
2014-07-28 14:52:00 +00:00
AD7six b5004a9b46 don't include ssl config by default
If the server has no ssl config - there's no need to load a config file
full of ssl config
2014-07-28 14:44:28 +00:00
AD7six 72f9509a5e disable ssl_session_tickets
it's only recently added so is a config error otherwise
2014-07-28 14:42:35 +00:00
AD7six 7295a765ee add stubs for ssl-stapling and spdy 2014-07-28 14:38:22 +00:00
AD7six 759bf84163 Default to use HTTP strict transport security 2014-07-28 14:30:00 +00:00
AD7six 398036440b add increased ssl timeout 2014-07-28 14:29:04 +00:00
AD7six d996d2da0c turn off ssl session tickets
Stolen from istlsfastyet.com's config

It is probably a more logical default to turn off session tickets
given the diff linked in the comment block.
2014-07-28 14:20:58 +00:00
AD7six 08d4bbbd04 remove SSLv3 from the ssl protocol list
As suggested in #44, and since h5bp doesn't support IE6 it seems to be
appropriate to remove a protocol which is in the list only to permit use
with IE6.
2014-07-28 14:16:09 +00:00
AD7six 029ff47286 move ssl config to a seperate file 2014-07-28 14:08:19 +00:00
AD7six 5142e91ecf Remove tcp_nodelay
The Nagle buffering algorithm is apparently that the best thing
to enable by default.

closes #28
2014-07-28 13:52:39 +00:00
Syed I.R 7cae83a0cf Fix typo, Update/Add Nginx Command to test a particular config file, Update Restart Command & Comments. 2014-07-28 13:43:34 +00:00
Syed I.R fc53165d01 Format README, Add Verify Config & Restart Nginx Command. 2014-07-28 13:43:34 +00:00
Marvin Roger 03dc5e07e6 Fix typo
Close h5bp/server-configs-nginx#48.
2014-06-26 22:42:12 +03:00
Syed I.R 2f57c32060 Make minor format related improvement in README.md 2014-06-22 22:08:03 +03:00
AD7six bf0e3657f9 apply cross-domain changes proposed in #23
closes #23
2014-04-08 10:13:29 +00:00
Andy Dawson 46e4d5b30b Merge pull request #36 from mediochrea/master
Added missing semicolon, removed text/html charset
2014-01-31 10:40:40 -08:00
Odontopera Mediochrea fa41e580df Added missing semicolon, removed text/html charset
I believe the error was because text/html is implied by default.
2014-01-30 23:23:31 +02:00
Andy Dawson 1a08f51108 Merge pull request #34 from h5bp/charset_types
Fix charset_types as mime.types is updated
2014-01-28 13:28:10 -08:00
Andy Dawson 5451d17260 Correct link to documentation. 2014-01-28 22:25:39 +01:00
Andy Dawson d34033193f Merge pull request #31 from alimony/patch-1
Fix broken documentation link.
2014-01-28 13:25:07 -08:00
Andy Dawson b1549a8438 Merge pull request #35 from ChrisMcKee/patch-1
ssl_ciphers update
2014-01-28 13:17:10 -08:00
Chris McKee 91cac519ef ssl_ciphers update
Updated ciphers to provide forwarding secrecy, a wider range of support and to match those provided by Mozilla security https://wiki.mozilla.org/Security/Server_Side_TLS#Nginx
2014-01-27 13:54:16 +00:00
Andy Dawson e1ff007951 Merge pull request #32 from Slix/patch-1
Fix spelling errors in nginx config docs.
2014-01-21 08:47:56 -08:00
Tsz Ming WONG e44a8ad34b Fix charset_types as mime.types is updated 2014-01-16 11:10:49 +02:00
Peter Kowalczyk d2bc65f6eb Fix spelling errors in nginx config docs. 2014-01-10 22:21:07 -06:00
Markus Amalthea Magnuson 353a5df984 Update README.md 2013-12-23 11:15:32 +01:00
Andy Dawson 8a870c2e5b Merge pull request #30 from appleboy/develop
Remove Chrome Frame meta tag
2013-12-23 02:01:17 -08:00
Markus Amalthea Magnuson bc21d74cd2 Fix broken documentation link.
The documentation link in the README is broken. It can be fixed either by changing "blob" to "tree", or by linking to the table of contents. This fix opts for the latter.
2013-12-22 10:43:21 +01:00
Bo-Yi Wu b4d4ebb357 Remove Chrome Frame meta tag. Reference h5bp/server-configs-nginx#2 2013-12-21 17:41:25 +08:00
Andy Dawson 209bea1152 Merge pull request #27 from irazasyed/patch-1
Renamed h5bp.conf to basic.conf README
2013-12-03 12:47:21 -08:00