Commit Graph

388 Commits

Author SHA1 Message Date
AD7six a873a55be7 Merge branch 'master' of github.com:h5bp/server-configs-nginx 2014-10-23 15:56:40 +00:00
AD7six 17ceffe681 whitespace matters 2014-10-23 15:53:48 +00:00
Andy Dawson 06d1a605cb Merge pull request #71 from h5bp/content_transformation_and_ngx_pagespeed
Add information on `ngx_pagespeed` and content transformation
2014-10-23 17:52:45 +02:00
AD7six 2a852fd5e1 add hotlink protection example
closes #7
2014-10-23 15:50:58 +00:00
AD7six f91d8fe776 Better wording 2014-10-23 15:24:03 +00:00
AD7six 28da5151ed correct typo 2014-10-23 15:23:29 +00:00
AD7six f861f2ff01 mention try_files in server context gotcha 2014-10-23 15:21:31 +00:00
AD7six 804ac371bc dynamicly handling request which match a location block 2014-10-23 15:14:19 +00:00
AD7six 8934017c17 add a document explaining request handling
it's not exactly the same as one might expect
2014-10-23 15:07:08 +00:00
Cătălin Mariș c7a2d3b476 Add info on ngx_pagespeed & content transformation
Provide information about `ngx_pagespeed` not rewriting any / some
of the resources if the `Cache-Control: no-transform` response header
is set.

Ref: https://developers.google.com/speed/pagespeed/module/configuration#notransform

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Thanks to @Nikita-S-Doroshenko for pointing this out!

Ref: h5bp/server-configs-apache#46
2014-10-23 14:08:00 +03:00
AD7six 9d38db3969 add a document (stub) for common problems
fixes #29
2014-10-23 09:40:45 +00:00
AD7six c7262a6993 add nginx-conf-md to the toc 2014-10-23 09:30:35 +00:00
AD7six 711e2946e4 add a description of nginx.conf
it's not intented to be complete, merely guide users unfamiliar with
nginx.

fixes #39
2014-10-23 09:27:23 +00:00
Andy Dawson 764c707262 Merge pull request #69 from mikealmond/ssl-updates
Updated SSL ciphers and added note about POODLE
2014-10-17 21:06:10 +02:00
Andy Dawson ce3f354ff2 Merge pull request #68 from DanielMarquard/patch-1
Removed includeSubDomains, and disable HTST by default
2014-10-16 11:44:53 +02:00
Daniel Marquard 99cdb58475 HSTS off by default
Consensus to disable HSTS by default.
2014-10-16 05:40:48 -04:00
Mike Almond 4cd1367b43 Remove quotes from SSL cipher list 2014-10-15 13:47:33 -04:00
Mike Almond fe256f3be7 Add note about POODLE attack against SSLv3 2014-10-15 11:22:09 -04:00
Mike Almond 25cbfb8942 Update SSL ciphers to the updated defaults by Mozilla 2014-10-15 11:17:04 -04:00
Daniel Marquard 5525eebf2b Removed "includeSubDomains"
As a best practice, Nginx should only direct clients to use the certificate on specified domains. This is because not all servers using other subdomains necessarily listen on 443 and because, unless it is a wildcard certificate, it likely won't be valid on subdomains other than WWW.
2014-10-14 00:16:22 -04:00
Andy Dawson 4ec8f51276 Merge pull request #59 from NotBobTheBuilder/master
Enable IPv6 listening
2014-10-01 12:10:40 +02:00
AD7six 537c939e72 Use a more conventional location for sites
it's more common (at meast IME) to use /var/www/example.com rather than
creating a new root folder `sites` to put apps in.
2014-10-01 10:03:49 +00:00
Andy Dawson c0fbc4fd11 Merge pull request #66 from philippbecker/patch-1
Fix typo in `getting-started.md`
2014-10-01 10:59:32 +02:00
Philipp Becker 4617fd2e18 Fix typo in `getting-started.md`
User and group name should be separated by a space character.
Otherwise, only one value `www-data-www-data` is passed:

"If group is omitted, a group whose name equals that of user is used."
2014-09-30 11:46:34 +02:00
Przemek Matylla f9b58cd883 Add configs for WOFF 2.0 font files (`.woff2`)
Ref: http://www.w3.org/TR/WOFF2/
     h5bp/server-configs-apache#32

Close: h5bp/server-configs-nginx#54
2014-09-03 15:31:25 +03:00
Matthew Haughton b75cbfdafe Remove Chrome Frame related comment
Fix h5bp/server-configs-nginx#30
Close h5bp/server-configs-nginx#62
2014-09-03 15:16:05 +03:00
Jack Wearden 0ccf9b03cb IPv6 only is the default 2014-08-21 00:32:02 +01:00
Jack Wearden 264738a043 IPv6 only is the default 2014-08-21 00:31:37 +01:00
Jack Wearden 9326c69219 IPv6 support 2014-08-20 23:55:04 +01:00
Jack Wearden 2ac65dbb5d IPv6 support 2014-08-20 23:54:07 +01:00
Andy Dawson 3db5d61f81 Merge pull request #55 from cannie/patch-1
Use relative path for mime.types
2014-08-13 16:23:27 +02:00
Andy Dawson 52ccc699a8 Merge pull request #50 from drewhammond/gzip_http_version
Remove gzip_http_version parameter
2014-08-13 16:22:47 +02:00
Andy Dawson 069dd1480c Merge pull request #53 from giggsey/patch-1
Fix 'directive' typo in example ssl config
2014-08-13 16:21:52 +02:00
Vladimir Sazhin a83dd2d119 Use relative path for mime.types 2014-08-13 15:00:14 +04:00
Joshua Gigg bf68202033 Fix 'directive' typo
Spotted by @honi in #51
2014-08-12 14:03:13 +01:00
Cătălin Mariș 8510caa5c6 Add missing semicolons in `ssl.example.com`
Close h5bp/server-configs-nginx#52.
2014-08-07 15:01:30 +03:00
Drew Hammond d8891a1b4c Remove gzip_http_version parameter
The gzip_http_version override is no longer needed because CloudFront
now forwards requests using HTTP/1.1. We can remove this line entirely
and let nginx use its default value of 1.1.
2014-07-31 22:48:09 -04:00
AD7six fc610f495a Merge branch 'feature/split-ssl'
Add ssl config from istlsfastyet.com

Some doc changes needed, but this includes all of the config changes

Closes #44
2014-07-28 15:01:30 +00:00
AD7six 332998a2db use a much longer ssl_session_timeout
To match the settiongs from istlsfastyet.com

Add a mention of ssl_buffer_size even though it can 't be enabled yet
2014-07-28 14:56:27 +00:00
AD7six aac9d71d54 add ssl example site
ensure to avoid any use of if as that's "extremely inefficient" and
eliminate redirects where possible
2014-07-28 14:52:00 +00:00
AD7six b5004a9b46 don't include ssl config by default
If the server has no ssl config - there's no need to load a config file
full of ssl config
2014-07-28 14:44:28 +00:00
AD7six 72f9509a5e disable ssl_session_tickets
it's only recently added so is a config error otherwise
2014-07-28 14:42:35 +00:00
AD7six 7295a765ee add stubs for ssl-stapling and spdy 2014-07-28 14:38:22 +00:00
AD7six 759bf84163 Default to use HTTP strict transport security 2014-07-28 14:30:00 +00:00
AD7six 398036440b add increased ssl timeout 2014-07-28 14:29:04 +00:00
AD7six d996d2da0c turn off ssl session tickets
Stolen from istlsfastyet.com's config

It is probably a more logical default to turn off session tickets
given the diff linked in the comment block.
2014-07-28 14:20:58 +00:00
AD7six 08d4bbbd04 remove SSLv3 from the ssl protocol list
As suggested in #44, and since h5bp doesn't support IE6 it seems to be
appropriate to remove a protocol which is in the list only to permit use
with IE6.
2014-07-28 14:16:09 +00:00
AD7six 029ff47286 move ssl config to a seperate file 2014-07-28 14:08:19 +00:00
AD7six 5142e91ecf Remove tcp_nodelay
The Nagle buffering algorithm is apparently that the best thing
to enable by default.

closes #28
2014-07-28 13:52:39 +00:00
Syed I.R 7cae83a0cf Fix typo, Update/Add Nginx Command to test a particular config file, Update Restart Command & Comments. 2014-07-28 13:43:34 +00:00