Commit Graph

467 Commits

Author SHA1 Message Date
Andy Dawson 3bda5b93ed Add defaults to all directives in nginx.conf
The reason most of these are changed is already covered by the existing
doc block

closes #127
2017-05-06 18:30:09 +02:00
Andy Dawson eca3919c88 Merge pull request #155 from electerious/patch-1
Updated gzip_types and charset_types code convention
2017-05-06 17:58:03 +02:00
Andy Dawson bede62c386 Merge pull request #151 from JoeArizona/patch-1
Added mime types for JPEG-XR, markdown, and CSV
2017-05-06 17:57:06 +02:00
Andy Dawson ba73ae2f89 Merge pull request #142 from pentago/spdy-off
Removed SPDY support as we're using HTTP/2 now.
2017-05-06 17:51:38 +02:00
Andy Dawson 34c2114527 Don't need that expires 2017-05-06 17:49:43 +02:00
Matthew Miller d2f4e5c68f Remove cache-control public and better handle svgz files
Fixes: #86

Fixes: #134
2017-05-06 17:48:07 +02:00
Andy Dawson 351e70671e Don't use expire headers in doc examples 2017-05-06 17:43:34 +02:00
Andy Dawson 1cc4b14e51 Merge pull request #168 from alanorth/cache-control-public
Use Cache-Control instead of Expires
2017-05-06 17:39:38 +02:00
Johannes Müller c96e0adf12 Enable IPv6 for no-default 2017-05-06 17:22:11 +02:00
Andy Dawson 391375e1e7 Merge pull request #171 from quantumpacket/patch-1
Remove Unnecessary Trailing Semicolon
2017-05-06 17:01:07 +02:00
Andy Dawson 780aceba92 Merge pull request #172 from quantumpacket/patch-2
Update ssl_ciphers To Latest Mozilla Intermediate
2017-05-06 16:59:17 +02:00
0ri0n 1648e2f0d4 Update ssl_ciphers To Latest Mozilla Intermediate
Updates to latest ciphers list for Mozilla Intermediate, which also adds support for ChaCha20 and Poly1305.
2017-01-08 12:18:04 -05:00
0ri0n 9c7e84f54f Remove Unnecessary Trailing Semicolon
No need to add a semicolon for the last directive. In addition, having that unnecessary semicolon causes the HSTS tool (https://hstspreload.org/) for getting on the preload list to fail with an error about the semicolon.
2017-01-07 12:10:02 -05:00
Alan Orth fd84b1f429
Use Cache-Control max-age instead of Expires headers
Cache-Control max-age was introduced in HTTP/1.1 over ten years ago
and is preferred to Expires. This replaces all expiry dates with an
equivalent max-age in seconds.

See: https://developers.google.com/web/fundamentals/performance/optimizing-content-efficiency/http-caching
See: https://www.mnot.net/blog/2007/05/15/expires_max-age
2016-11-15 15:46:34 +02:00
Alan Orth b0c1406cf9
Remove references to Cache-Control public
A previous commit removed some, but missed these. Where a location
directive was using Expires to set a future expiry in conjunction
with Cache-Control public, I have replaced the time with an equal
max-age.

Furthermore, Google's web performance guide says that "public" is
implicit if there is a max-age specified.

See: https://developers.google.com/web/fundamentals/performance/optimizing-content-efficiency/http-caching
2016-11-15 15:37:26 +02:00
Andy Dawson cb3dc0554e Merge pull request #148 from leonklingele/add-header-always
Always add security-relevant headers to the response, regardless of the response code (implements #147)
2016-09-09 16:39:54 +02:00
Tobias Reich 294e08557c Updated gzip_types and charset_types
… both are now using the same coding convention. Each type in its own row and `text/html` comment at the top (where all comments are placed).
2016-08-20 17:17:01 +02:00
JoeArizona 9821896b9b Added mime types for JPEG-XR, markdown, and CSV
JPEG-XR: http://www.iana.org/assignments/provisional-standard-media-types/provisional-standard-media-types.xhtml
Markdown: https://tools.ietf.org/html/rfc7763
CSV: https://tools.ietf.org/html/rfc7111
2016-07-31 17:31:53 -07:00
Leon Klingele 934eaf3f87 Always add security-relevant headers to the response, regardless of the response code (implements #147)
From nginx' add_header documentation:
```
add_header Adds the specified field to a response header provided that
the response code equals 200, 201, 204, 206, 301, 302, 303, 304, or 307.
```
At least for all security-relevant headers this should not be the case
and the header should always be added.
2016-07-07 13:29:58 +02:00
Andy Dawson 3f4719b79a Merge pull request #145 from Cloudoki/gitignore-sites-enabled
ignore files in sites-enabled
2016-06-30 16:14:35 +02:00
Edgar Ribeiro fcc2657585 gitignore already tracked 2016-06-30 14:29:39 +01:00
Andy Dawson 678951333a Merge pull request #146 from Cloudoki/typo
fix missing ;
2016-06-30 15:23:58 +02:00
Edgar Ribeiro 58e6af626e ignore files in sites-enabled 2016-06-30 13:37:50 +01:00
Edgar Ribeiro 60b272a2d3 fix missing ; 2016-06-30 13:32:40 +01:00
Andy Dawson 993b807c8e Merge pull request #144 from appleboy/patch-2
Fixed #143 issue: Fix typo
2016-06-27 12:25:46 +02:00
Bo-Yi Wu ebdb5f091e Fixed #143 issue: Fix typo 2016-06-19 16:32:17 +08:00
Pentago 046aaaee84 Removed SPDY support as we're using HTTP/2 now. Ref: df102c6 2016-06-13 20:31:13 +02:00
Andy Dawson 0bb5924b2a Whitespace 2016-06-08 10:06:48 +02:00
Andy Dawson f44d0305a0 Add a failing example 2016-06-08 10:06:16 +02:00
Andy Dawson 6b17b6025c Show a successful example 2016-06-08 10:04:15 +02:00
Andy Dawson bcdb8cd2bf Now irrelevant 2016-06-08 10:01:27 +02:00
Andy Dawson b8fdd45542 Remove access log for probably-not-static files
closes #131
2016-06-08 09:55:58 +02:00
Andy Dawson d84f80ac98 Remove cache-control public
Closes #134
2016-06-08 09:55:00 +02:00
root 025b203b19 preload added to ssl.conf 2016-06-08 09:44:09 +02:00
Andy Dawson 7a0e282dd0 Add an ssl no-default example
I.e. an example of this:

    -> curl -kI -H "Host: valid.com" https://localhost
    HTTP/1.1 200 OK
    ...
    -> curl -kI -H "Host: invalid.com" https://localhost
    curl: (52) Empty reply from server

Whether this works or not depends on SNI.
2016-06-08 09:36:39 +02:00
Andy Dawson 6be3c46535 Merge pull request #138 from Buzut/master
Updated ssl.exemple.com to use http2 instead of spdy
2016-06-08 09:29:16 +02:00
Andy Dawson ef96c5599f Merge pull request #140 from ebgranger/feature/fixing-getting-started-documentation
documentation inconsistent with file structure
2016-06-08 09:26:45 +02:00
Andy Dawson 4300d7d402 Merge pull request #139 from cdchapman/hsts-includeSubDomains
Fix capitalization of includeSubDomains
2016-06-08 09:25:33 +02:00
Edward Granger ea87f60b29 documentation inconsistent with file structure 2016-06-07 16:07:49 -04:00
Chris Chapman 09f500815c Fix capitalization of includeSubDomains 2016-06-04 12:22:43 -06:00
Buzut df102c6252 Updated ssl.exemple.com to use http2 instead of spdy
http2 is available in nginx since nginx 1.9.5. Therefor it's better to use the standard.
2016-05-25 15:02:34 +02:00
Andy Dawson 49aac21945 Merge pull request #133 from alanorth/keepalive-timeout-syntax
Correct syntax for keepalive_timeout
2016-03-24 18:00:01 +01:00
Andy Dawson daea8eb54b Merge pull request #129 from davisonio/specify-conf-defaults
Improve comments in nginx.conf
2016-03-24 17:59:35 +01:00
Craig Davison 73db8ccfd2 Fix typo 2016-03-22 15:27:19 +00:00
Craig Davison 605ec6f8c3 Improve comments in nginx.conf 2016-03-22 15:27:18 +00:00
Alan Orth ec4e0303f4 Correct syntax for keepalive_timeout
It doesn't seem to be a fatal error, but the keepalive_timeout
value actually requires "s" (for seconds). Another occurence of
this was fixed in 35434b3361 but
these slipped through.

See: http://nginx.org/en/docs/http/ngx_http_core_module.html#keepalive_timeout

Signed-off-by: Alan Orth <alan.orth@gmail.com>
2016-03-14 10:25:01 +02:00
Andy Dawson 66d0c463e0 Merge pull request #128 from corbanmailloux/patch-1
Single capitalization fix
2016-01-29 21:17:14 +01:00
Andy Dawson 029821b1a8 Merge pull request #130 from davisonio/specify-keepalive_timeout
Specify that keepalive_timeout is in seconds
2016-01-29 21:11:41 +01:00
Andy Dawson 740ba774f5 Merge pull request #124 from appleboy/patch-3
fix format.
2016-01-29 21:10:25 +01:00
Craig Davison 7c3a67131c Change default value in comment 2016-01-23 14:05:55 +00:00