Commit Graph

62 Commits

Author SHA1 Message Date
Léo Colombaro 41689406c8 Expand responses to include CSP
Ref: https://github.com/h5bp/server-configs-apache/issues/187
2020-04-13 14:44:29 +02:00
Léo Colombaro e0724b8149
Stricter default for Referrer Policy
Ref: https://github.com/h5bp/server-configs-apache/pull/204
2020-01-03 19:36:51 +01:00
Pete Cooper 67c54c53f1
Documentation formatting and reviewing (#232)
No code changes, some config reordering
2019-05-15 23:20:10 +02:00
Léo Colombaro 276af8da7b
Improve default Content-Security-Policy value (#224)
See https://github.com/h5bp/server-configs-apache/pull/181
2019-03-26 12:41:15 +01:00
Léo Colombaro db1601f606
Use regexp in MIME-types based maps 2019-03-09 02:44:10 +01:00
Léo Colombaro f600128203
Add Referrer-Policy for html document by default 2019-02-13 14:31:53 +01:00
Léo Colombaro 6dd4cc27ed Switch from location directives to maps based on MIME-types
* Expire
* X-XSS-Protection
* X-Frame-Options
* X-UA-Compatible
* Content-Security-Policy
* Access-Control-Allow-Origin
2019-02-10 21:56:10 +01:00
Léo Colombaro 2d135053cb
Move MIME-type and charset declaration into their own conf files 2019-02-10 20:40:50 +01:00
Léo Colombaro 8919496406
Remove outdated docs and fix repo structure
Trying to make maintenance as easier as we can
2019-02-04 14:09:06 +01:00
Léo Colombaro 306af367e9 Move server config to conf.d folder
Aligning with nginx docker image
Fix #95
2019-02-01 21:57:51 +01:00
Léo Colombaro 3071e67d04
Tweaks and lint 2018-11-25 22:07:01 +01:00
Léo Colombaro 496af1cfd5
Split directives to enforce atomic structure
* Enforce H5BP style
* Improve inline documentation to simplify maintenance
* Prepare v3
2018-11-23 17:19:51 +01:00
Léo Colombaro e38617e7fb
Switch to `https` when possible 2018-11-23 13:15:44 +01:00
Andrea Falco 94262e7610 Changed GeoJSON and RDF media type (#186)
* Updated GeoJSON media type

Following https://tools.ietf.org/html/rfc7946#section-12

* Updated RDF media type

Following https://tools.ietf.org/html/rfc3870#section-2
2018-11-23 12:56:17 +01:00
Léo Colombaro 70ae5ded27 reflect mime changes in nginx.conf 2018-11-23 11:46:32 +01:00
Andy Dawson 3bda5b93ed Add defaults to all directives in nginx.conf
The reason most of these are changed is already covered by the existing
doc block

closes #127
2017-05-06 18:30:09 +02:00
Tobias Reich 294e08557c Updated gzip_types and charset_types
… both are now using the same coding convention. Each type in its own row and `text/html` comment at the top (where all comments are placed).
2016-08-20 17:17:01 +02:00
Craig Davison 73db8ccfd2 Fix typo 2016-03-22 15:27:19 +00:00
Craig Davison 605ec6f8c3 Improve comments in nginx.conf 2016-03-22 15:27:18 +00:00
Andy Dawson 029821b1a8 Merge pull request #130 from davisonio/specify-keepalive_timeout
Specify that keepalive_timeout is in seconds
2016-01-29 21:11:41 +01:00
Andy Dawson 740ba774f5 Merge pull request #124 from appleboy/patch-3
fix format.
2016-01-29 21:10:25 +01:00
Craig Davison 7c3a67131c Change default value in comment 2016-01-23 14:05:55 +00:00
Craig Davison 35434b3361 Specify that keepalive_timeout is in seconds 2016-01-23 13:59:22 +00:00
Bo-Yi Wu 3270937c3a fix format.
Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
2015-12-04 22:25:31 +08:00
beilharz 5934741e15 Update nginx.conf
Typo: sites-available should be sites-enabled
2015-11-25 09:49:15 +01:00
Andy Dawson e2ab3b5800 Merge pull request #112 from philippbecker/mime-types
Update media types
2015-09-11 10:49:24 +02:00
Andy Dawson 0932b4d10c Merge pull request #111 from pentago/master
Added FreeBSD w/ ZFS performance instructions
2015-09-11 10:46:34 +02:00
St. Isidore de Seville 19d0f8ffbf fix #113 2015-08-29 21:05:56 -04:00
Philipp Becker f719f3e8e4 Update media types in `nginx.conf` 2015-07-21 11:34:05 +02:00
Goran dc3bae07ad Added FreeBSD w/ ZFS performance instructions
On FreeBSD systems with ZFS, sendfile() is useless as ZFS's caching subsystem (adaptive replacement cache a.k.a ARC) already caches most frequently used files in RAM. Disabling sendfile() avoids redundant data caching. 

References: 
https://calomel.org/nginx.html
http://blog.vx.sk/uploads/conferences/EuroBSDcon2012/zfs-tuning-handout.pdf
2015-07-06 19:10:45 +02:00
Eric Andrew Lewis 01af1c1e43 Add an inline documentation link to the sites-enabled documentation page. 2015-06-12 09:52:16 -04:00
Eric Lewis 01cefcda17 Explain why everything in the sites-enabled folder is included 2015-06-11 10:27:20 -04:00
Cătălin Mariș 6c1793bb68 Update the list of resources to be compressed
Ref: a0c4e17190/src/web_performance/compression.conf
2015-03-25 11:10:39 +02:00
Andy Dawson 3db5d61f81 Merge pull request #55 from cannie/patch-1
Use relative path for mime.types
2014-08-13 16:23:27 +02:00
Vladimir Sazhin a83dd2d119 Use relative path for mime.types 2014-08-13 15:00:14 +04:00
Drew Hammond d8891a1b4c Remove gzip_http_version parameter
The gzip_http_version override is no longer needed because CloudFront
now forwards requests using HTTP/1.1. We can remove this line entirely
and let nginx use its default value of 1.1.
2014-07-31 22:48:09 -04:00
AD7six b5004a9b46 don't include ssl config by default
If the server has no ssl config - there's no need to load a config file
full of ssl config
2014-07-28 14:44:28 +00:00
AD7six 029ff47286 move ssl config to a seperate file 2014-07-28 14:08:19 +00:00
AD7six 5142e91ecf Remove tcp_nodelay
The Nagle buffering algorithm is apparently that the best thing
to enable by default.

closes #28
2014-07-28 13:52:39 +00:00
Odontopera Mediochrea fa41e580df Added missing semicolon, removed text/html charset
I believe the error was because text/html is implied by default.
2014-01-30 23:23:31 +02:00
Andy Dawson 1a08f51108 Merge pull request #34 from h5bp/charset_types
Fix charset_types as mime.types is updated
2014-01-28 13:28:10 -08:00
Chris McKee 91cac519ef ssl_ciphers update
Updated ciphers to provide forwarding secrecy, a wider range of support and to match those provided by Mozilla security https://wiki.mozilla.org/Security/Server_Side_TLS#Nginx
2014-01-27 13:54:16 +00:00
Tsz Ming WONG e44a8ad34b Fix charset_types as mime.types is updated 2014-01-16 11:10:49 +02:00
AD7six 1348cb9bfb Ensure compatibility with earlier/current versions of nginx
auto was not introdued until 1.3.8 and 1.2.5.

Debian wheezy for example only comes with 1.2.1, only the next version
(in testing) will have a version of nginx which supports auto.
2013-11-20 18:06:02 +00:00
Corprew Reed eb6a58c6cc grammar, doesn't modify code. 2013-11-18 21:38:57 -08:00
Cătălin Mariș c367e809db Move nginx server configs to their own repository 2013-07-29 01:55:11 +03:00
AD7six ddedf07f48 move all server configs into folders
easier to organise. We could also possibly then simply add a README
file toeach folder rather than use wiki pages - maybe.
2012-02-04 10:45:24 +01:00
AD7six 54d4437c2f add expire rules mimicking that of the apache config
These rules are closer to the expire logic defined for apache, and also
use a none-capturing regex which will be (unnoticably) faster.

Added a comment as to why there is no default expire header defined.
2012-01-30 18:19:22 +01:00
AD7six 703a75c229 do not set a default expire
Unless your entire site is static it's inappropriate to do so - dynamic
requests will be cached by the browser unless your application code
overrides the expires which nginx is setting by default.
2012-01-27 15:18:18 +01:00
ram 5e161c6ddf Specify a charset. 2011-11-22 18:15:33 +05:30