09f500815c
Fix capitalization of includeSubDomains
2016-06-04 12:22:43 -06:00
ec4e0303f4
Correct syntax for keepalive_timeout
...
It doesn't seem to be a fatal error, but the keepalive_timeout
value actually requires "s" (for seconds). Another occurence of
this was fixed in 35434b3361http://nginx.org/en/docs/http/ngx_http_core_module.html#keepalive_timeout
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2016-03-14 10:25:01 +02:00
3270937c3a
fix format.
...
Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
2015-12-04 22:25:31 +08:00
94b3680c9d
Merge pull request #105 from Cryszon/patch-1
...
Updated locations to match h5bp's Apache config
2015-09-11 10:55:01 +02:00
faabaad16b
Update to mozilla's wiki's current intermediate set
2015-09-11 08:41:05 +00:00
d37a4c7165
Updated locations to match h5bp's Apache config
...
See https://github.com/h5bp/server-configs-apache/issues/31 for `well-known` change.
2015-06-08 15:56:19 +03:00
fce0e368c1
Don't use invalid examples
...
A wildcard subdomain isn't valid syntax for a ACAO header
2015-05-29 15:32:23 +02:00
1089839e54
Fix typo in `expires.conf`
...
Close h5bp/server-configs-nginx#82 .
2014-11-17 20:31:24 +02:00
228c5ccca0
Merge pull request #78 from ChrisMcKee/patch-4
...
Extra security headers without a home
2014-10-30 16:02:01 +01:00
cb0ca2934c
Update extra-security.conf
2014-10-30 09:59:06 +00:00
67a259a471
Merge pull request #77 from ChrisMcKee/patch-3
...
Change note / add missing header
2014-10-29 20:03:19 +01:00
85018fa236
avoid long lines
2014-10-29 19:47:17 +01:00
62ef8ddbcc
Merge pull request #75 from ChrisMcKee/patch-1
...
add secondary google dns ip and 2 failover DYN DNS public dns ips, and t...
2014-10-29 19:46:29 +01:00
a3cf3aab00
Extra security headers without a home
2014-10-28 21:28:03 +00:00
a4b121a2e7
Change note / add missing header
2014-10-28 21:22:27 +00:00
a97cbecd12
Update Cipher list to latest add version of STS
...
Updated latest "intermediate" ciphers from mozilla
Add another version of the STS header including subdomains and comments
Add note at base to consider ssl-stapling
2014-10-28 21:20:37 +00:00
6121b47151
add secondary google dns ip and 2 failover DYN DNS public dns ips, and timeouts
2014-10-28 21:09:57 +00:00
c7a2d3b476
Add info on ngx_pagespeed & content transformation
...
Provide information about `ngx_pagespeed` not rewriting any / some
of the resources if the `Cache-Control: no-transform` response header
is set.
Ref: https://developers.google.com/speed/pagespeed/module/configuration#notransform
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Thanks to @Nikita-S-Doroshenko for pointing this out!
Ref: h5bp/server-configs-apache#46
2014-10-23 14:08:00 +03:00
764c707262
Merge pull request #69 from mikealmond/ssl-updates
...
Updated SSL ciphers and added note about POODLE
2014-10-17 21:06:10 +02:00
99cdb58475
HSTS off by default
...
Consensus to disable HSTS by default.
2014-10-16 05:40:48 -04:00
4cd1367b43
Remove quotes from SSL cipher list
2014-10-15 13:47:33 -04:00
fe256f3be7
Add note about POODLE attack against SSLv3
2014-10-15 11:22:09 -04:00
25cbfb8942
Update SSL ciphers to the updated defaults by Mozilla
2014-10-15 11:17:04 -04:00
5525eebf2b
Removed "includeSubDomains"
...
As a best practice, Nginx should only direct clients to use the certificate on specified domains. This is because not all servers using other subdomains necessarily listen on 443 and because, unless it is a wildcard certificate, it likely won't be valid on subdomains other than WWW.
2014-10-14 00:16:22 -04:00
f9b58cd883
Add configs for WOFF 2.0 font files (`.woff2`)
...
Ref: http://www.w3.org/TR/WOFF2/
h5bp/server-configs-apache#32
Close : h5bp/server-configs-nginx#54
2014-09-03 15:31:25 +03:00
b75cbfdafe
Remove Chrome Frame related comment
...
Fix h5bp/server-configs-nginx#30
Close h5bp/server-configs-nginx#62
2014-09-03 15:16:05 +03:00
332998a2db
use a much longer ssl_session_timeout
...
To match the settiongs from istlsfastyet.com
Add a mention of ssl_buffer_size even though it can 't be enabled yet
2014-07-28 14:56:27 +00:00
72f9509a5e
disable ssl_session_tickets
...
it's only recently added so is a config error otherwise
2014-07-28 14:42:35 +00:00
7295a765ee
add stubs for ssl-stapling and spdy
2014-07-28 14:38:22 +00:00
759bf84163
Default to use HTTP strict transport security
2014-07-28 14:30:00 +00:00
398036440b
add increased ssl timeout
2014-07-28 14:29:04 +00:00
d996d2da0c
turn off ssl session tickets
...
Stolen from istlsfastyet.com's config
It is probably a more logical default to turn off session tickets
given the diff linked in the comment block.
2014-07-28 14:20:58 +00:00
08d4bbbd04
remove SSLv3 from the ssl protocol list
...
As suggested in #44 , and since h5bp doesn't support IE6 it seems to be
appropriate to remove a protocol which is in the list only to permit use
with IE6.
2014-07-28 14:16:09 +00:00
029ff47286
move ssl config to a seperate file
2014-07-28 14:08:19 +00:00
03dc5e07e6
Fix typo
...
Close h5bp/server-configs-nginx#48 .
2014-06-26 22:42:12 +03:00
bf0e3657f9
apply cross-domain changes proposed in #23
...
closes #23
2014-04-08 10:13:29 +00:00
b4d4ebb357
Remove Chrome Frame meta tag. Reference h5bp/server-configs-nginx#2
2013-12-21 17:41:25 +08:00
41e8ef9992
Renamed h5bp.conf to basic.conf README
...
Updated with correct filename.
2013-12-03 23:50:27 +05:30
560bdab9cf
Move config snippets around
...
Make it more obvious which snippets are location based, and which
are just directives. Need to provide more files like basic.conf to
cover more of the common use cases.
2013-11-22 10:50:58 +00:00
e476b08d11
rename conf folder to h5bp
...
The name "conf" is potentially confusing as something which should be inclued
en masse rather than a folder of config snippets.
Closes #13
2013-11-20 18:06:02 +00:00
Chris Chapman