Commit Graph

447 Commits

Author SHA1 Message Date
Pete Cooper e64b4a6ee2 Update README.md
Caps case and double space.
2019-05-14 17:03:37 +02:00
Jonathan Chun 19ef6a8849 Fix typo in example conf (#226) 2019-04-14 19:31:05 +02:00
Léo Colombaro 276af8da7b
Improve default Content-Security-Policy value (#224)
See https://github.com/h5bp/server-configs-apache/pull/181
2019-03-26 12:41:15 +01:00
Léo Colombaro d186781282
Update `ngx_pagespeed` docs link 2019-03-24 22:21:07 +01:00
Léo Colombaro 932e5ea5b7
Merge remote-tracking branch 'origin/master' 2019-03-24 01:50:13 +01:00
Léo Colombaro 12b0ff87b9
Bump server-configs-test to v1.0.6 2019-03-24 01:50:04 +01:00
Léo Colombaro 00373398ef
Keep testing CSP headers 2019-03-15 19:01:48 +01:00
Léo Colombaro 29ff09ac95
Remove CSP from basic.conf includes
Too strong for general purposes.

Closes #222
2019-03-15 18:58:47 +01:00
Léo Colombaro 9c6cca96c8
Release v3.0.1 2019-03-09 15:20:30 +01:00
Léo Colombaro cec616a103
SVGZ files are already compressed
Disable gzip function for them
Regression d2f4e5c68f
2019-03-09 15:08:44 +01:00
Léo Colombaro 3b0c4c41df
Fix regexp expressions in mime-types maps 2019-03-09 13:45:33 +01:00
Léo Colombaro 7e270ae657
Bump server-configs-test to v1.0.3 2019-03-09 13:17:33 +01:00
Léo Colombaro db1601f606
Use regexp in MIME-types based maps 2019-03-09 02:44:10 +01:00
Léo Colombaro 06e5fc8445
Remove extra match-any regexp 2019-03-09 02:41:29 +01:00
Mark Woon d65cd97761 Use regexp in MIME-types based maps (#221)
Fix #220

Co-authored-by: Léo Colombaro <git@colombaro.fr>
2019-03-09 02:34:15 +01:00
Léo Colombaro 50a6d793ce
Remove duplicated .conf in include 2019-02-13 14:45:52 +01:00
Léo Colombaro f600128203
Add Referrer-Policy for html document by default 2019-02-13 14:31:53 +01:00
Léo Colombaro c04dcb232f
Bump server-configs-test 2019-02-13 14:26:52 +01:00
Léo Colombaro 48277fbc14
Bump server-configs-test 2019-02-13 14:16:45 +01:00
Léo Colombaro 3cf23ea499
Bump server-configs-test 2019-02-13 14:10:36 +01:00
Léo Colombaro 94a9cec172 Release v3.0.0 2019-02-12 17:03:13 +01:00
Léo Colombaro efafc1f52a
Use minimal env for Travis-CI builds 2019-02-12 12:53:16 +01:00
Léo Colombaro 0acfbbd8fa
Bump server-configs-test 2019-02-12 12:31:41 +01:00
Léo Colombaro 51f5ffab82
Clean up and prepare docs for v3 2019-02-12 12:25:30 +01:00
Léo Colombaro 92a1c5df93
Let default servers be HTTP/2 compatible 2019-02-11 19:12:17 +01:00
Léo Colombaro 3883f59739
Remove "duplicated" deferred
These suggestions are more complicated to use than just commenting them
out.
Users may face an errored situation.

Ref: a36387848f

Fix #199
2019-02-11 19:11:21 +01:00
Romario Maxwell a7b8831a12 fix typo in example.com.conf header comment 2019-02-11 18:03:04 +01:00
Léo Colombaro 52e13535b4 Add test vhosts and Travis CI config 2019-02-11 16:18:43 +01:00
Léo Colombaro 283b292c5e
Add default recommended headers
Since no more location directive is used, making these header
available everywhere is possible without breaking servers.
2019-02-10 22:20:05 +01:00
Léo Colombaro a4c9e2da8e
Better default certificates folder
Mapped as Docker Nginx image
2019-02-10 22:13:25 +01:00
Léo Colombaro 6dd4cc27ed Switch from location directives to maps based on MIME-types
* Expire
* X-XSS-Protection
* X-Frame-Options
* X-UA-Compatible
* Content-Security-Policy
* Access-Control-Allow-Origin
2019-02-10 21:56:10 +01:00
Léo Colombaro 2d135053cb
Move MIME-type and charset declaration into their own conf files 2019-02-10 20:40:50 +01:00
Léo Colombaro 452b630330
Update gzipped MIME-type following web standard
Source https://github.com/jshttp/mime-db
2019-02-10 20:38:23 +01:00
Léo Colombaro e21aec5822
Block access to file #.*#
Used to contain sensitive data
2019-02-10 20:36:26 +01:00
Léo Colombaro 1f5d6359be
Bump supported Nginx to 1.8.0 2019-02-10 20:33:30 +01:00
Léo Colombaro fe7ff95a7f
Fix MIME-type
Add application/wasm and text/calendar
2019-02-10 20:32:53 +01:00
Léo Colombaro 8a4a1ce706
Delete inline script
Not used internally and not maintained
2019-02-10 20:31:54 +01:00
Léo Colombaro 8919496406
Remove outdated docs and fix repo structure
Trying to make maintenance as easier as we can
2019-02-04 14:09:06 +01:00
Léo Colombaro 76be9604e3 Reflect conf.d change is doc 2019-02-01 21:57:51 +01:00
Léo Colombaro 306af367e9 Move server config to conf.d folder
Aligning with nginx docker image
Fix #95
2019-02-01 21:57:51 +01:00
Léo Colombaro d2531ac605 Rotate ssl policies to modernize protocols recommendations
Closes #210
2019-02-01 16:13:22 +01:00
Léo Colombaro 3472f5ab0e
Exclude repo file on export 2019-02-01 13:05:28 +01:00
Léo Colombaro 930980a517
Typo 2018-12-03 15:38:57 +01:00
Ewout van Mansom eeeebd0da6 Add new TLS policy 'future' (#211)
This new TLS policy embraces the best security practices and performance characteristics by sacrificing compatibility with older clients.
2018-12-02 18:40:25 +01:00
Léo Colombaro df4be14a73
Improve cache-file-descriptors.conf doc
Closes #203
2018-12-02 17:23:44 +01:00
Ewout van Mansom df23e0ba8c Add DH parameters note to policy_intermediate.conf (#212)
For DHE ciphersuites, adding a diffie hellman parameter is a good practice. Only the intermediate policy uses DHE ciphersuites.
2018-12-02 17:05:11 +01:00
Léo Colombaro 86d8ed33ca
Improve SSL directives declarations, order and descriptions 2018-12-02 12:57:01 +01:00
Ewout van Mansom 5a2f750c53 Add note explaining secure eleptic curve situation for modern TLS profile preset (#209) 2018-11-30 12:12:02 +01:00
a22375 5f3ce4f73c Add back web_performance_cache_expiration (#206)
remove double include h5bp/location/security_file_access.conf;
2018-11-30 11:40:33 +01:00
Ewout van Mansom 8141562756 Add eleptic curves for intermediate profile preset
prime256v1 (NIST P-256), secp384r1 (NIST P-384) and secp521r1 (NIST P-521) have been deemed insecure as per Daniel J. Bernstein's research (https://cr.yp.to/newelliptic/nistecc-20160106.pdf, https://safecurves.cr.yp.to/).

Despite that, the adoption of X25519 is too slim. Limiting to that curve would mean dropping compatibility with Safari, Edge and Internet Explorer.
2018-11-30 11:38:25 +01:00