gaja-group
/
server-configs-nginx
mirror of https://github.com/h5bp/server-configs-nginx
2
0
Fork 0
Code Issues Releases Wiki Activity
326 Commits 2 Branches 12 Tags 1.2 MiB
Commit Graph

326 Commits

Author SHA1 Message Date
AD7six 711e2946e4 add a description of nginx.conf 
it's not intented to be complete, merely guide users unfamiliar with
nginx.

fixes #39
 2014-10-23 09:27:23 +00:00
Andy Dawson 764c707262 Merge pull request #69 from mikealmond/ssl-updates 
Updated SSL ciphers and added note about POODLE
 2014-10-17 21:06:10 +02:00
Andy Dawson ce3f354ff2 Merge pull request #68 from DanielMarquard/patch-1 
Removed includeSubDomains, and disable HTST by default
 2014-10-16 11:44:53 +02:00
Daniel Marquard 99cdb58475 HSTS off by default 
Consensus to disable HSTS by default.
 2014-10-16 05:40:48 -04:00
Mike Almond 4cd1367b43 Remove quotes from SSL cipher list 2014-10-15 13:47:33 -04:00
Mike Almond fe256f3be7 Add note about POODLE attack against SSLv3 2014-10-15 11:22:09 -04:00
Mike Almond 25cbfb8942 Update SSL ciphers to the updated defaults by Mozilla 2014-10-15 11:17:04 -04:00
Daniel Marquard 5525eebf2b Removed "includeSubDomains" 
As a best practice, Nginx should only direct clients to use the certificate on specified domains. This is because not all servers using other subdomains necessarily listen on 443 and because, unless it is a wildcard certificate, it likely won't be valid on subdomains other than WWW.
 2014-10-14 00:16:22 -04:00
Andy Dawson 4ec8f51276 Merge pull request #59 from NotBobTheBuilder/master 
Enable IPv6 listening
 2014-10-01 12:10:40 +02:00
AD7six 537c939e72 Use a more conventional location for sites 
it's more common (at meast IME) to use /var/www/example.com rather than
creating a new root folder `sites` to put apps in.
 2014-10-01 10:03:49 +00:00
Andy Dawson c0fbc4fd11 Merge pull request #66 from philippbecker/patch-1 
Fix typo in `getting-started.md`
 2014-10-01 10:59:32 +02:00
Philipp Becker 4617fd2e18 Fix typo in `getting-started.md` 
User and group name should be separated by a space character.
Otherwise, only one value `www-data-www-data` is passed:

"If group is omitted, a group whose name equals that of user is used."
 2014-09-30 11:46:34 +02:00
Przemek Matylla f9b58cd883 Add configs for WOFF 2.0 font files (`.woff2`) 
Ref: http://www.w3.org/TR/WOFF2/
     h5bp/server-configs-apache#32

Close: h5bp/server-configs-nginx#54
 2014-09-03 15:31:25 +03:00
Matthew Haughton b75cbfdafe Remove Chrome Frame related comment 
Fix h5bp/server-configs-nginx#30
Close h5bp/server-configs-nginx#62
 2014-09-03 15:16:05 +03:00
Jack Wearden 0ccf9b03cb IPv6 only is the default 2014-08-21 00:32:02 +01:00
Jack Wearden 264738a043 IPv6 only is the default 2014-08-21 00:31:37 +01:00
Jack Wearden 9326c69219 IPv6 support 2014-08-20 23:55:04 +01:00
Jack Wearden 2ac65dbb5d IPv6 support 2014-08-20 23:54:07 +01:00
Andy Dawson 3db5d61f81 Merge pull request #55 from cannie/patch-1 
Use relative path for mime.types
 2014-08-13 16:23:27 +02:00
Andy Dawson 52ccc699a8 Merge pull request #50 from drewhammond/gzip_http_version 
Remove gzip_http_version parameter
 2014-08-13 16:22:47 +02:00
Andy Dawson 069dd1480c Merge pull request #53 from giggsey/patch-1 
Fix 'directive' typo in example ssl config
 2014-08-13 16:21:52 +02:00
Vladimir Sazhin a83dd2d119 Use relative path for mime.types 2014-08-13 15:00:14 +04:00
Joshua Gigg bf68202033 Fix 'directive' typo 
Spotted by @honi in #51
 2014-08-12 14:03:13 +01:00
Cătălin Mariș 8510caa5c6 Add missing semicolons in `ssl.example.com` 
Close h5bp/server-configs-nginx#52.
 2014-08-07 15:01:30 +03:00
Drew Hammond d8891a1b4c Remove gzip_http_version parameter 
The gzip_http_version override is no longer needed because CloudFront
now forwards requests using HTTP/1.1. We can remove this line entirely
and let nginx use its default value of 1.1.
 2014-07-31 22:48:09 -04:00
AD7six fc610f495a Merge branch 'feature/split-ssl' 
Add ssl config from istlsfastyet.com

Some doc changes needed, but this includes all of the config changes

Closes #44
 2014-07-28 15:01:30 +00:00
AD7six 332998a2db use a much longer ssl_session_timeout 
To match the settiongs from istlsfastyet.com

Add a mention of ssl_buffer_size even though it can 't be enabled yet
 2014-07-28 14:56:27 +00:00
AD7six aac9d71d54 add ssl example site 
ensure to avoid any use of if as that's "extremely inefficient" and
eliminate redirects where possible
 2014-07-28 14:52:00 +00:00
AD7six b5004a9b46 don't include ssl config by default 
If the server has no ssl config - there's no need to load a config file
full of ssl config
 2014-07-28 14:44:28 +00:00
AD7six 72f9509a5e disable ssl_session_tickets 
it's only recently added so is a config error otherwise
 2014-07-28 14:42:35 +00:00
AD7six 7295a765ee add stubs for ssl-stapling and spdy 2014-07-28 14:38:22 +00:00
AD7six 759bf84163 Default to use HTTP strict transport security 2014-07-28 14:30:00 +00:00
AD7six 398036440b add increased ssl timeout 2014-07-28 14:29:04 +00:00
AD7six d996d2da0c turn off ssl session tickets 
Stolen from istlsfastyet.com's config

It is probably a more logical default to turn off session tickets
given the diff linked in the comment block.
 2014-07-28 14:20:58 +00:00
AD7six 08d4bbbd04 remove SSLv3 from the ssl protocol list 
As suggested in #44, and since h5bp doesn't support IE6 it seems to be
appropriate to remove a protocol which is in the list only to permit use
with IE6.
 2014-07-28 14:16:09 +00:00
AD7six 029ff47286 move ssl config to a seperate file 2014-07-28 14:08:19 +00:00
AD7six 5142e91ecf Remove tcp_nodelay 
The Nagle buffering algorithm is apparently that the best thing
to enable by default.

closes #28
 2014-07-28 13:52:39 +00:00
Syed I.R 7cae83a0cf Fix typo, Update/Add Nginx Command to test a particular config file, Update Restart Command & Comments. 2014-07-28 13:43:34 +00:00
Syed I.R fc53165d01 Format README, Add Verify Config & Restart Nginx Command. 2014-07-28 13:43:34 +00:00
Marvin Roger 03dc5e07e6 Fix typo 
Close h5bp/server-configs-nginx#48.
 2014-06-26 22:42:12 +03:00
Syed I.R 2f57c32060 Make minor format related improvement in README.md 2014-06-22 22:08:03 +03:00
AD7six bf0e3657f9 apply cross-domain changes proposed in #23 
closes #23
 2014-04-08 10:13:29 +00:00
Andy Dawson 46e4d5b30b Merge pull request #36 from mediochrea/master 
Added missing semicolon, removed text/html charset
 2014-01-31 10:40:40 -08:00
Odontopera Mediochrea fa41e580df Added missing semicolon, removed text/html charset 
I believe the error was because text/html is implied by default.
 2014-01-30 23:23:31 +02:00
Andy Dawson 1a08f51108 Merge pull request #34 from h5bp/charset_types 
Fix charset_types as mime.types is updated
 2014-01-28 13:28:10 -08:00
Andy Dawson 5451d17260 Correct link to documentation. 2014-01-28 22:25:39 +01:00
Andy Dawson d34033193f Merge pull request #31 from alimony/patch-1 
Fix broken documentation link.
 2014-01-28 13:25:07 -08:00
Andy Dawson b1549a8438 Merge pull request #35 from ChrisMcKee/patch-1 
ssl_ciphers update
 2014-01-28 13:17:10 -08:00
Chris McKee 91cac519ef ssl_ciphers update 
Updated ciphers to provide forwarding secrecy, a wider range of support and to match those provided by Mozilla security https://wiki.mozilla.org/Security/Server_Side_TLS#Nginx
 2014-01-27 13:54:16 +00:00
Andy Dawson e1ff007951 Merge pull request #32 from Slix/patch-1 
Fix spelling errors in nginx config docs.
 2014-01-21 08:47:56 -08:00