Commit Graph

70 Commits

Author SHA1 Message Date
Léo Colombaro fbdaa3f867 Add custom files include ability
Closes 
2021-09-15 00:00:42 +02:00
Léo Colombaro 4a40f258a2
Use latest server-configs-test and align requirements 2021-06-29 00:54:40 +02:00
Léo Colombaro 25a569d97d
Add Cross Origin Policies headers
Ref https://github.com/h5bp/server-configs-apache/issues/250
2021-06-28 14:46:32 +02:00
Léo Colombaro 36310b927b
Add `Permissions-Policy` header
Ref https://github.com/h5bp/server-configs-apache/issues/179
2021-06-28 14:43:00 +02:00
Léo Colombaro 8600df1018
Make `Content-Security-Policy` disallow 'object-src' by default
Ref https://github.com/h5bp/server-configs-apache/issues/190
2021-06-28 14:28:44 +02:00
Léo Colombaro 836467c8b5 Drop `X-XSS-Protection` header usage as per its deprecation
Ref https://github.com/h5bp/server-configs-apache/pull/253
Ref https://github.com/h5bp/server-configs-apache/issues/198

Closes https://github.com/h5bp/server-configs-nginx/pull/260
2021-06-14 01:14:22 +02:00
Léo Colombaro 4556277ced Drop `X-UA-Compatible` header usage as per IE deprecation
Ref https://github.com/h5bp/server-configs-apache/issues/210
Ref https://github.com/h5bp/server-configs-apache/issues/182
2021-06-14 01:14:22 +02:00
Léo Colombaro 3615dfa351 Expand responses to include Referrer Policy 2020-04-13 14:44:29 +02:00
Léo Colombaro 41689406c8 Expand responses to include CSP
Ref: https://github.com/h5bp/server-configs-apache/issues/187
2020-04-13 14:44:29 +02:00
Léo Colombaro e0724b8149
Stricter default for Referrer Policy
Ref: https://github.com/h5bp/server-configs-apache/pull/204
2020-01-03 19:36:51 +01:00
Pete Cooper 67c54c53f1
Documentation formatting and reviewing ()
No code changes, some config reordering
2019-05-15 23:20:10 +02:00
Léo Colombaro 276af8da7b
Improve default Content-Security-Policy value ()
See https://github.com/h5bp/server-configs-apache/pull/181
2019-03-26 12:41:15 +01:00
Léo Colombaro db1601f606
Use regexp in MIME-types based maps 2019-03-09 02:44:10 +01:00
Léo Colombaro f600128203
Add Referrer-Policy for html document by default 2019-02-13 14:31:53 +01:00
Léo Colombaro 6dd4cc27ed Switch from location directives to maps based on MIME-types
* Expire
* X-XSS-Protection
* X-Frame-Options
* X-UA-Compatible
* Content-Security-Policy
* Access-Control-Allow-Origin
2019-02-10 21:56:10 +01:00
Léo Colombaro 2d135053cb
Move MIME-type and charset declaration into their own conf files 2019-02-10 20:40:50 +01:00
Léo Colombaro 8919496406
Remove outdated docs and fix repo structure
Trying to make maintenance as easier as we can
2019-02-04 14:09:06 +01:00
Léo Colombaro 306af367e9 Move server config to conf.d folder
Aligning with nginx docker image
Fix 
2019-02-01 21:57:51 +01:00
Léo Colombaro 3071e67d04
Tweaks and lint 2018-11-25 22:07:01 +01:00
Léo Colombaro 496af1cfd5
Split directives to enforce atomic structure
* Enforce H5BP style
* Improve inline documentation to simplify maintenance
* Prepare v3
2018-11-23 17:19:51 +01:00
Léo Colombaro e38617e7fb
Switch to `https` when possible 2018-11-23 13:15:44 +01:00
Andrea Falco 94262e7610 Changed GeoJSON and RDF media type ()
* Updated GeoJSON media type

Following https://tools.ietf.org/html/rfc7946#section-12

* Updated RDF media type

Following https://tools.ietf.org/html/rfc3870#section-2
2018-11-23 12:56:17 +01:00
Léo Colombaro 70ae5ded27 reflect mime changes in nginx.conf 2018-11-23 11:46:32 +01:00
Andy Dawson 3bda5b93ed Add defaults to all directives in nginx.conf
The reason most of these are changed is already covered by the existing
doc block

closes 
2017-05-06 18:30:09 +02:00
Tobias Reich 294e08557c Updated gzip_types and charset_types
… both are now using the same coding convention. Each type in its own row and `text/html` comment at the top (where all comments are placed).
2016-08-20 17:17:01 +02:00
Craig Davison 73db8ccfd2 Fix typo 2016-03-22 15:27:19 +00:00
Craig Davison 605ec6f8c3 Improve comments in nginx.conf 2016-03-22 15:27:18 +00:00
Andy Dawson 029821b1a8 Merge pull request from davisonio/specify-keepalive_timeout
Specify that keepalive_timeout is in seconds
2016-01-29 21:11:41 +01:00
Andy Dawson 740ba774f5 Merge pull request from appleboy/patch-3
fix format.
2016-01-29 21:10:25 +01:00
Craig Davison 7c3a67131c Change default value in comment 2016-01-23 14:05:55 +00:00
Craig Davison 35434b3361 Specify that keepalive_timeout is in seconds 2016-01-23 13:59:22 +00:00
Bo-Yi Wu 3270937c3a fix format.
Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
2015-12-04 22:25:31 +08:00
beilharz 5934741e15 Update nginx.conf
Typo: sites-available should be sites-enabled
2015-11-25 09:49:15 +01:00
Andy Dawson e2ab3b5800 Merge pull request from philippbecker/mime-types
Update media types
2015-09-11 10:49:24 +02:00
Andy Dawson 0932b4d10c Merge pull request from pentago/master
Added FreeBSD w/ ZFS performance instructions
2015-09-11 10:46:34 +02:00
St. Isidore de Seville 19d0f8ffbf fix 2015-08-29 21:05:56 -04:00
Philipp Becker f719f3e8e4 Update media types in `nginx.conf` 2015-07-21 11:34:05 +02:00
Goran dc3bae07ad Added FreeBSD w/ ZFS performance instructions
On FreeBSD systems with ZFS, sendfile() is useless as ZFS's caching subsystem (adaptive replacement cache a.k.a ARC) already caches most frequently used files in RAM. Disabling sendfile() avoids redundant data caching. 

References: 
https://calomel.org/nginx.html
http://blog.vx.sk/uploads/conferences/EuroBSDcon2012/zfs-tuning-handout.pdf
2015-07-06 19:10:45 +02:00
Eric Andrew Lewis 01af1c1e43 Add an inline documentation link to the sites-enabled documentation page. 2015-06-12 09:52:16 -04:00
Eric Lewis 01cefcda17 Explain why everything in the sites-enabled folder is included 2015-06-11 10:27:20 -04:00
Cătălin Mariș 6c1793bb68 Update the list of resources to be compressed
Ref: a0c4e17190/src/web_performance/compression.conf
2015-03-25 11:10:39 +02:00
Andy Dawson 3db5d61f81 Merge pull request from cannie/patch-1
Use relative path for mime.types
2014-08-13 16:23:27 +02:00
Vladimir Sazhin a83dd2d119 Use relative path for mime.types 2014-08-13 15:00:14 +04:00
Drew Hammond d8891a1b4c Remove gzip_http_version parameter
The gzip_http_version override is no longer needed because CloudFront
now forwards requests using HTTP/1.1. We can remove this line entirely
and let nginx use its default value of 1.1.
2014-07-31 22:48:09 -04:00
AD7six b5004a9b46 don't include ssl config by default
If the server has no ssl config - there's no need to load a config file
full of ssl config
2014-07-28 14:44:28 +00:00
AD7six 029ff47286 move ssl config to a seperate file 2014-07-28 14:08:19 +00:00
AD7six 5142e91ecf Remove tcp_nodelay
The Nagle buffering algorithm is apparently that the best thing
to enable by default.

closes 
2014-07-28 13:52:39 +00:00
Odontopera Mediochrea fa41e580df Added missing semicolon, removed text/html charset
I believe the error was because text/html is implied by default.
2014-01-30 23:23:31 +02:00
Andy Dawson 1a08f51108 Merge pull request from h5bp/charset_types
Fix charset_types as mime.types is updated
2014-01-28 13:28:10 -08:00
Chris McKee 91cac519ef ssl_ciphers update
Updated ciphers to provide forwarding secrecy, a wider range of support and to match those provided by Mozilla security https://wiki.mozilla.org/Security/Server_Side_TLS#Nginx
2014-01-27 13:54:16 +00:00