Commit Graph

123 Commits

Author SHA1 Message Date
Léo Colombaro 4a40f258a2
Use latest server-configs-test and align requirements 2021-06-29 00:54:40 +02:00
Léo Colombaro 25a569d97d
Add Cross Origin Policies headers
Ref https://github.com/h5bp/server-configs-apache/issues/250
2021-06-28 14:46:32 +02:00
Léo Colombaro 36310b927b
Add `Permissions-Policy` header
Ref https://github.com/h5bp/server-configs-apache/issues/179
2021-06-28 14:43:00 +02:00
Phil Wareham b9ef881d62
Add JPEG XL `image/jxl` MIME type () 2021-06-24 16:41:52 +02:00
Léo Colombaro db79ae491f
Fix documentation wording 2021-06-14 20:21:21 +02:00
Léo Colombaro 688348a5fd Modernize TLS configuration 2021-06-14 15:24:52 +02:00
Léo Colombaro f6e5a123e2
Improve security headers documentation
Refresh and reorder links
2021-06-14 12:38:26 +02:00
Léo Colombaro f239e2d043 Clean up IE reference 2021-06-14 01:14:22 +02:00
Léo Colombaro 836467c8b5 Drop `X-XSS-Protection` header usage as per its deprecation
Ref https://github.com/h5bp/server-configs-apache/pull/253
Ref https://github.com/h5bp/server-configs-apache/issues/198

Closes https://github.com/h5bp/server-configs-nginx/pull/260
2021-06-14 01:14:22 +02:00
Léo Colombaro 4556277ced Drop `X-UA-Compatible` header usage as per IE deprecation
Ref https://github.com/h5bp/server-configs-apache/issues/210
Ref https://github.com/h5bp/server-configs-apache/issues/182
2021-06-14 01:14:22 +02:00
Julio 501444ab43
Improve `X-Frame-Options` documentation ()
Co-authored-by: Léo Colombaro <git@colombaro.fr>
2021-06-13 23:30:25 +02:00
Léo Colombaro a9aea7038c Add mime-type `image/avif` and `image/avifs` 2021-01-05 10:49:47 +01:00
franz-josef-kaiser d7f6fa09d3 docs: Correct reference to weaker policy in doc block. 2020-12-30 00:09:53 +01:00
Pete Cooper 654f1aa49c minor presentational fixes 2020-12-29 20:55:50 +01:00
Léo Colombaro f0b3fd25ce
Improve writing
[ci skip]
2020-12-29 18:22:16 +01:00
Léo Colombaro abcf858614 Assorted grammar and link fixes 2020-04-14 11:54:27 +02:00
Léo Colombaro 98de990c1c Add expandable policies to SVGZ 2020-04-13 14:44:29 +02:00
Vincent Herbet d2f597235a Do no use non-ASCII characters in loaded configs
I had an issue with Certbot (let's encrypt) which failed to reload nginx due to a non-ASCII character in a loaded config file.
E.g.: `Attempting to renew cert (domain.com) from /etc/letsencrypt/renewal/domain.com.conf produced an unexpected error: 'ascii' codec can't decode byte 0xe2 in position 762: ordinal not in range(128). Skipping.`

I found this character using `grep -r -P '[^\x00-\x7f]' /etc/nginx`.
2020-02-05 18:33:14 +01:00
Léo Colombaro 28cb47df42
Rename no-transform.conf file to content_transformation.conf
Align with other files and with Apache struct
2020-01-04 18:06:00 +01:00
Léo Colombaro e0724b8149
Stricter default for Referrer Policy
Ref: https://github.com/h5bp/server-configs-apache/pull/204
2020-01-03 19:36:51 +01:00
Léo Colombaro 177a5e94a6
Improve HSTS documentation
Ref: https://github.com/h5bp/server-configs-apache/pull/196
2020-01-03 19:34:40 +01:00
minusf 7a44fdf69f Add `font/ttf` & `font/eot` to compressible mime-types list ()
Ref:
* 
* developers.google.com/web/fundamentals/performance/optimizing-content-efficiency/webfont-optimization#reducing_font_size_with_compression
2019-10-25 10:59:10 +01:00
Rahil 0af305283f Fixed description for SSL session cache & timeout () 2019-09-08 00:46:31 +02:00
Jogendra Kumar 6d1a9d46e6 Additional compression method added for gzip () 2019-08-12 21:21:20 +02:00
Pete Cooper a1a746a347 Switch tertiary DNS used for OCSP checking to OpenDNS ()
Oracle is shutting down Dyn DNS in 2020.
2019-06-26 00:12:26 +02:00
Léo Colombaro bc39e4c07d
Revert "Drop Cache-Control: no-transform usage"
This partially reverts commit 282d979a

Ref https://github.com/h5bp/server-configs-apache/issues/185
2019-06-06 00:46:47 +02:00
Léo Colombaro 8db768bd61
Pre-compressed content usage config files
Closes 
2019-05-16 22:57:57 +02:00
Léo Colombaro d7fc6c362d
Fix rebase artifacts 2019-05-16 00:16:59 +02:00
Pete Cooper 67c54c53f1
Documentation formatting and reviewing ()
No code changes, some config reordering
2019-05-15 23:20:10 +02:00
Léo Colombaro c73d1efb60
Fix 304 responses Cache-control override
Fix 
2019-05-15 21:07:50 +02:00
Léo Colombaro 7418b5023b
Fix dropped Cache-Control: no-transform usage for SVGZ Compression 2019-05-15 19:02:13 +02:00
Léo Colombaro 0a6c880be0
Improve wording and file headers 2019-05-15 18:26:04 +02:00
Léo Colombaro 282d979af4
Drop Cache-Control: no-transform usage
Obsoleted with secure servers

See https://github.com/h5bp/server-configs-apache/issues/185
2019-05-15 18:24:30 +02:00
Pete Cooper 28874c33f0 Add Google Public DNS IPv6 and Cloudflare DNS IP addresses to `resolver` ()
Co-authored-by: Léo Colombaro <git@colombaro.fr>
2019-05-15 02:07:47 +02:00
Pete Cooper e30032165c Fix misc typos in comments () 2019-05-14 19:02:21 +02:00
Léo Colombaro 276af8da7b
Improve default Content-Security-Policy value ()
See https://github.com/h5bp/server-configs-apache/pull/181
2019-03-26 12:41:15 +01:00
Léo Colombaro d186781282
Update `ngx_pagespeed` docs link 2019-03-24 22:21:07 +01:00
Léo Colombaro 29ff09ac95
Remove CSP from basic.conf includes
Too strong for general purposes.

Closes 
2019-03-15 18:58:47 +01:00
Léo Colombaro cec616a103
SVGZ files are already compressed
Disable gzip function for them
Regression d2f4e5c68f
2019-03-09 15:08:44 +01:00
Léo Colombaro 3b0c4c41df
Fix regexp expressions in mime-types maps 2019-03-09 13:45:33 +01:00
Léo Colombaro 06e5fc8445
Remove extra match-any regexp 2019-03-09 02:41:29 +01:00
Mark Woon d65cd97761 Use regexp in MIME-types based maps ()
Fix 

Co-authored-by: Léo Colombaro <git@colombaro.fr>
2019-03-09 02:34:15 +01:00
Léo Colombaro 50a6d793ce
Remove duplicated .conf in include 2019-02-13 14:45:52 +01:00
Léo Colombaro f600128203
Add Referrer-Policy for html document by default 2019-02-13 14:31:53 +01:00
Léo Colombaro 51f5ffab82
Clean up and prepare docs for v3 2019-02-12 12:25:30 +01:00
Léo Colombaro 283b292c5e
Add default recommended headers
Since no more location directive is used, making these header
available everywhere is possible without breaking servers.
2019-02-10 22:20:05 +01:00
Léo Colombaro a4c9e2da8e
Better default certificates folder
Mapped as Docker Nginx image
2019-02-10 22:13:25 +01:00
Léo Colombaro 6dd4cc27ed Switch from location directives to maps based on MIME-types
* Expire
* X-XSS-Protection
* X-Frame-Options
* X-UA-Compatible
* Content-Security-Policy
* Access-Control-Allow-Origin
2019-02-10 21:56:10 +01:00
Léo Colombaro 2d135053cb
Move MIME-type and charset declaration into their own conf files 2019-02-10 20:40:50 +01:00
Léo Colombaro 452b630330
Update gzipped MIME-type following web standard
Source https://github.com/jshttp/mime-db
2019-02-10 20:38:23 +01:00