Commit Graph

265 Commits

Author SHA1 Message Date
Steffen Weber 526ab0ff07 Add MIME-Types for .xsl files
The correct MIME-Type for XSL files is "application/xslt+xml" according to http://www.w3.org/TR/2007/REC-xslt20-20070123/#media-type-registration.
2015-01-14 11:17:25 +01:00
Roland Warmerdam 94d35d89ef Add the Mozilla SSL config generator to related projects 2014-12-16 21:48:16 +13:00
Drew Hammond ab567b7f83 Fix minor typos and the capitalization of acronyms
Close h5bp/server-configs-nginx#83
2014-11-25 01:48:48 +02:00
Joey Geiger 1089839e54 Fix typo in `expires.conf`
Close h5bp/server-configs-nginx#82.
2014-11-17 20:31:24 +02:00
Andy Dawson bb3dcda427 Merge pull request #81 from philippbecker/patch-1
Remove include directive in ssl.example.com
2014-11-10 09:54:52 +01:00
Philipp Becker fdee2c257c Remove include directive in ssl.example.com
To include the SSL related directives in the port 80 server block seems to be redundant.
Because we are redirecting explicit all incoming traffic via port 80 to the HTTPS host on
port 443 where only the *secure-connection-magic* is happen.

Maybe I am missing something, but I tested the configuration
under the following system and encountered no negative side effects:

**Server**
* Ubuntu 14.04 LTS
* Nginx 1.7.7 mainline

**Client**
* OS X 10.9.5
* Browser: FF 33, Chrome 38, Safari 7
2014-11-10 03:04:31 +01:00
Andy Dawson 228c5ccca0 Merge pull request #78 from ChrisMcKee/patch-4
Extra security headers without a home
2014-10-30 16:02:01 +01:00
Chris McKee cb0ca2934c Update extra-security.conf 2014-10-30 09:59:06 +00:00
Andy Dawson 67a259a471 Merge pull request #77 from ChrisMcKee/patch-3
Change note / add missing header
2014-10-29 20:03:19 +01:00
Andy Dawson 85018fa236 avoid long lines 2014-10-29 19:47:17 +01:00
Andy Dawson 62ef8ddbcc Merge pull request #75 from ChrisMcKee/patch-1
add secondary google dns ip and 2 failover DYN DNS public dns ips, and t...
2014-10-29 19:46:29 +01:00
Andy Dawson b7f043660a Merge pull request #76 from ChrisMcKee/patch-2
Update Cipher list to latest add version of STS
2014-10-29 09:36:36 +01:00
Chris McKee a3cf3aab00 Extra security headers without a home 2014-10-28 21:28:03 +00:00
Chris McKee a4b121a2e7 Change note / add missing header 2014-10-28 21:22:27 +00:00
Chris McKee a97cbecd12 Update Cipher list to latest add version of STS
Updated latest "intermediate" ciphers from mozilla
Add another version of the STS header including subdomains and comments
Add note at base to consider ssl-stapling
2014-10-28 21:20:37 +00:00
Chris McKee 6121b47151 add secondary google dns ip and 2 failover DYN DNS public dns ips, and timeouts 2014-10-28 21:09:57 +00:00
Steffen Weber 8ec8a82113 Move SVG media type into the "Images" group
SVG is primarily an image format. Its usage as a font format is a
legacy issue for supporting iOS 3 and iOS 4. In Chrome 38, support
for SVG fonts has been removed (http://caniuse.com/#feat=svg-fonts).
They have never been supported in Firefox or IE.

Close h5bp/server-configs-nginx#74
2014-10-27 17:46:39 +02:00
Andy Dawson b82491d00e Merge pull request #73 from Steffen185/patch-1
MIME-Types: support for .opus files
2014-10-27 15:48:37 +01:00
Steffen Weber e9dc7f6c78 MIME-Types: support for .opus files
http://en.wikipedia.org/wiki/Opus_(audio_format)
2014-10-27 15:31:54 +01:00
AD7six c8bcd99789 bump the minimum version requirement to 1.6.0
using the version shipped with debian stable (which is where 1.2.1 came
from) holds back this repository too much.
2014-10-24 16:13:56 +00:00
Andy Dawson 82ee454c90 Correct bad link 2014-10-24 12:21:13 +02:00
AD7six 46312a862a v1.0.0 2014-10-24 09:41:42 +00:00
AD7six 8d3af29b74 add a header doc block 2014-10-24 09:30:14 +00:00
AD7six 269fa6e43e add some structure to this bash script
Add help usage and examples. Some structural hints taken from
http://linuxcommand.org/html_text/new_script.README.html
2014-10-24 09:19:48 +00:00
AD7six e883e7d8c5 Add very simple debugging script
this script converts include statements to dump the included file's
contents inline.
2014-10-24 09:00:36 +00:00
AD7six 8dc4706e1e add a brief description of h5bp's contents 2014-10-23 17:15:04 +00:00
AD7six e8113fa555 Add doc files for sites-enabled|available 2014-10-23 16:18:38 +00:00
AD7six a873a55be7 Merge branch 'master' of github.com:h5bp/server-configs-nginx 2014-10-23 15:56:40 +00:00
AD7six 17ceffe681 whitespace matters 2014-10-23 15:53:48 +00:00
Andy Dawson 06d1a605cb Merge pull request #71 from h5bp/content_transformation_and_ngx_pagespeed
Add information on `ngx_pagespeed` and content transformation
2014-10-23 17:52:45 +02:00
AD7six 2a852fd5e1 add hotlink protection example
closes #7
2014-10-23 15:50:58 +00:00
AD7six f91d8fe776 Better wording 2014-10-23 15:24:03 +00:00
AD7six 28da5151ed correct typo 2014-10-23 15:23:29 +00:00
AD7six f861f2ff01 mention try_files in server context gotcha 2014-10-23 15:21:31 +00:00
AD7six 804ac371bc dynamicly handling request which match a location block 2014-10-23 15:14:19 +00:00
AD7six 8934017c17 add a document explaining request handling
it's not exactly the same as one might expect
2014-10-23 15:07:08 +00:00
Cătălin Mariș c7a2d3b476 Add info on ngx_pagespeed & content transformation
Provide information about `ngx_pagespeed` not rewriting any / some
of the resources if the `Cache-Control: no-transform` response header
is set.

Ref: https://developers.google.com/speed/pagespeed/module/configuration#notransform

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Thanks to @Nikita-S-Doroshenko for pointing this out!

Ref: h5bp/server-configs-apache#46
2014-10-23 14:08:00 +03:00
AD7six 9d38db3969 add a document (stub) for common problems
fixes #29
2014-10-23 09:40:45 +00:00
AD7six c7262a6993 add nginx-conf-md to the toc 2014-10-23 09:30:35 +00:00
AD7six 711e2946e4 add a description of nginx.conf
it's not intented to be complete, merely guide users unfamiliar with
nginx.

fixes #39
2014-10-23 09:27:23 +00:00
Andy Dawson 764c707262 Merge pull request #69 from mikealmond/ssl-updates
Updated SSL ciphers and added note about POODLE
2014-10-17 21:06:10 +02:00
Andy Dawson ce3f354ff2 Merge pull request #68 from DanielMarquard/patch-1
Removed includeSubDomains, and disable HTST by default
2014-10-16 11:44:53 +02:00
Daniel Marquard 99cdb58475 HSTS off by default
Consensus to disable HSTS by default.
2014-10-16 05:40:48 -04:00
Mike Almond 4cd1367b43 Remove quotes from SSL cipher list 2014-10-15 13:47:33 -04:00
Mike Almond fe256f3be7 Add note about POODLE attack against SSLv3 2014-10-15 11:22:09 -04:00
Mike Almond 25cbfb8942 Update SSL ciphers to the updated defaults by Mozilla 2014-10-15 11:17:04 -04:00
Daniel Marquard 5525eebf2b Removed "includeSubDomains"
As a best practice, Nginx should only direct clients to use the certificate on specified domains. This is because not all servers using other subdomains necessarily listen on 443 and because, unless it is a wildcard certificate, it likely won't be valid on subdomains other than WWW.
2014-10-14 00:16:22 -04:00
Andy Dawson 4ec8f51276 Merge pull request #59 from NotBobTheBuilder/master
Enable IPv6 listening
2014-10-01 12:10:40 +02:00
AD7six 537c939e72 Use a more conventional location for sites
it's more common (at meast IME) to use /var/www/example.com rather than
creating a new root folder `sites` to put apps in.
2014-10-01 10:03:49 +00:00
Andy Dawson c0fbc4fd11 Merge pull request #66 from philippbecker/patch-1
Fix typo in `getting-started.md`
2014-10-01 10:59:32 +02:00