19ef6a8849
Fix typo in example conf ( #226 )
2019-04-14 19:31:05 +02:00
276af8da7b
Improve default Content-Security-Policy value ( #224 )
...
See https://github.com/h5bp/server-configs-apache/pull/181
2019-03-26 12:41:15 +01:00
d186781282
Update `ngx_pagespeed` docs link
2019-03-24 22:21:07 +01:00
932e5ea5b7
Merge remote-tracking branch 'origin/master'
2019-03-24 01:50:13 +01:00
12b0ff87b9
Bump server-configs-test to v1.0.6
2019-03-24 01:50:04 +01:00
00373398ef
Keep testing CSP headers
2019-03-15 19:01:48 +01:00
29ff09ac95
Remove CSP from basic.conf includes
...
Too strong for general purposes.
Closes #222
2019-03-15 18:58:47 +01:00
9c6cca96c8
Release v3.0.1
2019-03-09 15:20:30 +01:00
cec616a103
SVGZ files are already compressed
...
Disable gzip function for them
Regression d2f4e5c68f
2019-03-09 15:08:44 +01:00
3b0c4c41df
Fix regexp expressions in mime-types maps
2019-03-09 13:45:33 +01:00
7e270ae657
Bump server-configs-test to v1.0.3
2019-03-09 13:17:33 +01:00
db1601f606
Use regexp in MIME-types based maps
2019-03-09 02:44:10 +01:00
06e5fc8445
Remove extra match-any regexp
2019-03-09 02:41:29 +01:00
d65cd97761
Use regexp in MIME-types based maps ( #221 )
...
Fix #220
Co-authored-by: Léo Colombaro <git@colombaro.fr>
2019-03-09 02:34:15 +01:00
50a6d793ce
Remove duplicated .conf in include
2019-02-13 14:45:52 +01:00
f600128203
Add Referrer-Policy for html document by default
2019-02-13 14:31:53 +01:00
c04dcb232f
Bump server-configs-test
2019-02-13 14:26:52 +01:00
48277fbc14
Bump server-configs-test
2019-02-13 14:16:45 +01:00
3cf23ea499
Bump server-configs-test
2019-02-13 14:10:36 +01:00
94a9cec172
Release v3.0.0
2019-02-12 17:03:13 +01:00
efafc1f52a
Use minimal env for Travis-CI builds
2019-02-12 12:53:16 +01:00
0acfbbd8fa
Bump server-configs-test
2019-02-12 12:31:41 +01:00
51f5ffab82
Clean up and prepare docs for v3
2019-02-12 12:25:30 +01:00
92a1c5df93
Let default servers be HTTP/2 compatible
2019-02-11 19:12:17 +01:00
3883f59739
Remove "duplicated" deferred
...
These suggestions are more complicated to use than just commenting them
out.
Users may face an errored situation.
Ref: a36387848fFix #199
2019-02-11 19:11:21 +01:00
a7b8831a12
fix typo in example.com.conf header comment
2019-02-11 18:03:04 +01:00
52e13535b4
Add test vhosts and Travis CI config
2019-02-11 16:18:43 +01:00
283b292c5e
Add default recommended headers
...
Since no more location directive is used, making these header
available everywhere is possible without breaking servers.
2019-02-10 22:20:05 +01:00
a4c9e2da8e
Better default certificates folder
...
Mapped as Docker Nginx image
2019-02-10 22:13:25 +01:00
6dd4cc27ed
Switch from location directives to maps based on MIME-types
...
* Expire
* X-XSS-Protection
* X-Frame-Options
* X-UA-Compatible
* Content-Security-Policy
* Access-Control-Allow-Origin
2019-02-10 21:56:10 +01:00
2d135053cb
Move MIME-type and charset declaration into their own conf files
2019-02-10 20:40:50 +01:00
452b630330
Update gzipped MIME-type following web standard
...
Source https://github.com/jshttp/mime-db
2019-02-10 20:38:23 +01:00
e21aec5822
Block access to file #.*#
...
Used to contain sensitive data
2019-02-10 20:36:26 +01:00
1f5d6359be
Bump supported Nginx to 1.8.0
2019-02-10 20:33:30 +01:00
fe7ff95a7f
Fix MIME-type
...
Add application/wasm and text/calendar
2019-02-10 20:32:53 +01:00
8a4a1ce706
Delete inline script
...
Not used internally and not maintained
2019-02-10 20:31:54 +01:00
8919496406
Remove outdated docs and fix repo structure
...
Trying to make maintenance as easier as we can
2019-02-04 14:09:06 +01:00
76be9604e3
Reflect conf.d change is doc
2019-02-01 21:57:51 +01:00
306af367e9
Move server config to conf.d folder
...
Aligning with nginx docker image
Fix #95
2019-02-01 21:57:51 +01:00
d2531ac605
Rotate ssl policies to modernize protocols recommendations
...
Closes #210
2019-02-01 16:13:22 +01:00
3472f5ab0e
Exclude repo file on export
2019-02-01 13:05:28 +01:00
930980a517
Typo
2018-12-03 15:38:57 +01:00
eeeebd0da6
Add new TLS policy 'future' ( #211 )
...
This new TLS policy embraces the best security practices and performance characteristics by sacrificing compatibility with older clients.
2018-12-02 18:40:25 +01:00
df4be14a73
Improve cache-file-descriptors.conf doc
...
Closes #203
2018-12-02 17:23:44 +01:00
df23e0ba8c
Add DH parameters note to policy_intermediate.conf ( #212 )
...
For DHE ciphersuites, adding a diffie hellman parameter is a good practice. Only the intermediate policy uses DHE ciphersuites.
2018-12-02 17:05:11 +01:00
86d8ed33ca
Improve SSL directives declarations, order and descriptions
2018-12-02 12:57:01 +01:00
5a2f750c53
Add note explaining secure eleptic curve situation for modern TLS profile preset ( #209 )
2018-11-30 12:12:02 +01:00
5f3ce4f73c
Add back web_performance_cache_expiration ( #206 )
...
remove double include h5bp/location/security_file_access.conf;
2018-11-30 11:40:33 +01:00
8141562756
Add eleptic curves for intermediate profile preset
...
prime256v1 (NIST P-256), secp384r1 (NIST P-384) and secp521r1 (NIST P-521) have been deemed insecure as per Daniel J. Bernstein's research (https://cr.yp.to/newelliptic/nistecc-20160106.pdf , https://safecurves.cr.yp.to/ ).
Despite that, the adoption of X25519 is too slim. Limiting to that curve would mean dropping compatibility with Safari, Edge and Internet Explorer.
2018-11-30 11:38:25 +01:00
9b369d23a5
Add eleptic curves for modern profile preset
...
prime256v1 (NIST P-256), secp384r1 (NIST P-384) and secp521r1 (NIST P-521) have been deemed insecure as per Daniel J. Bernstein's research (https://cr.yp.to/newelliptic/nistecc-20160106.pdf , https://safecurves.cr.yp.to/ ).
Despite that, the adoption of X25519 is too slim. Limiting to that curve would mean dropping compatibility with Safari, Edge and Internet Explorer.
2018-11-30 10:21:38 +01:00
Jonathan Chun