Commit Graph

475 Commits

Author SHA1 Message Date
Andy Dawson 764c707262 Merge pull request #69 from mikealmond/ssl-updates
Updated SSL ciphers and added note about POODLE
2014-10-17 21:06:10 +02:00
Andy Dawson ce3f354ff2 Merge pull request #68 from DanielMarquard/patch-1
Removed includeSubDomains, and disable HSTS by default
2014-10-16 11:44:53 +02:00
Daniel Marquard 99cdb58475 HSTS off by default
Consensus to disable HSTS by default.
2014-10-16 05:40:48 -04:00
Mike Almond 4cd1367b43 Remove quotes from SSL cipher list 2014-10-15 13:47:33 -04:00
Mike Almond fe256f3be7 Add note about POODLE attack against SSLv3 2014-10-15 11:22:09 -04:00
Mike Almond 25cbfb8942 Update SSL ciphers to the updated defaults by Mozilla 2014-10-15 11:17:04 -04:00
Daniel Marquard 5525eebf2b Removed "includeSubDomains"
As a best practice, Nginx should only direct clients to use the certificate on specified domains. This is because not all servers using other subdomains necessarily listen on 443 and because, unless it is a wildcard certificate, it likely won't be valid on subdomains other than WWW.
2014-10-14 00:16:22 -04:00
Andy Dawson 4ec8f51276 Merge pull request #59 from NotBobTheBuilder/master
Enable IPv6 listening
2014-10-01 12:10:40 +02:00
AD7six 537c939e72 Use a more conventional location for sites
it's more common (at least IME) to use /var/www/example.com rather than
creating a new root folder `sites` to put apps in.
2014-10-01 10:03:49 +00:00
Andy Dawson c0fbc4fd11 Merge pull request #66 from philippbecker/patch-1
Fix typo in `getting-started.md`
2014-10-01 10:59:32 +02:00
Philipp Becker 4617fd2e18 Fix typo in `getting-started.md`
User and group name should be separated by a space character.
Otherwise, only one value `www-data-www-data` is passed:

"If group is omitted, a group whose name equals that of user is used."
2014-09-30 11:46:34 +02:00
Przemek Matylla f9b58cd883 Add configs for WOFF 2.0 font files (`.woff2`)
Ref: http://www.w3.org/TR/WOFF2/
     h5bp/server-configs-apache#32

Close: h5bp/server-configs-nginx#54
2014-09-03 15:31:25 +03:00
Matthew Haughton b75cbfdafe Remove Chrome Frame related comment
Fix h5bp/server-configs-nginx#30
Close h5bp/server-configs-nginx#62
2014-09-03 15:16:05 +03:00
Jack Wearden 0ccf9b03cb IPv6 only is the default 2014-08-21 00:32:02 +01:00
Jack Wearden 264738a043 IPv6 only is the default 2014-08-21 00:31:37 +01:00
Jack Wearden 9326c69219 IPv6 support 2014-08-20 23:55:04 +01:00
Jack Wearden 2ac65dbb5d IPv6 support 2014-08-20 23:54:07 +01:00
Andy Dawson 3db5d61f81 Merge pull request #55 from cannie/patch-1
Use relative path for mime.types
2014-08-13 16:23:27 +02:00
Andy Dawson 52ccc699a8 Merge pull request #50 from drewhammond/gzip_http_version
Remove gzip_http_version parameter
2014-08-13 16:22:47 +02:00
Andy Dawson 069dd1480c Merge pull request #53 from giggsey/patch-1
Fix 'directive' typo in example ssl config
2014-08-13 16:21:52 +02:00
Vladimir Sazhin a83dd2d119 Use relative path for mime.types 2014-08-13 15:00:14 +04:00
Joshua Gigg bf68202033 Fix 'directive' typo
Spotted by @honi in #51
2014-08-12 14:03:13 +01:00
Cătălin Mariș 8510caa5c6 Add missing semicolons in `ssl.example.com`
Close h5bp/server-configs-nginx#52.
2014-08-07 15:01:30 +03:00
Drew Hammond d8891a1b4c Remove gzip_http_version parameter
The gzip_http_version override is no longer needed because CloudFront
now forwards requests using HTTP/1.1. We can remove this line entirely
and let nginx use its default value of 1.1.
2014-07-31 22:48:09 -04:00
AD7six fc610f495a Merge branch 'feature/split-ssl'
Add ssl config from istlsfastyet.com

Some doc changes needed, but this includes all of the config changes

Closes #44
2014-07-28 15:01:30 +00:00
AD7six 332998a2db use a much longer ssl_session_timeout
To match the settings from istlsfastyet.com

Add a mention of ssl_buffer_size even though it can't be enabled yet
2014-07-28 14:56:27 +00:00
AD7six aac9d71d54 add ssl example site
ensure to avoid any use of if as that's "extremely inefficient" and
eliminate redirects where possible
2014-07-28 14:52:00 +00:00
AD7six b5004a9b46 don't include ssl config by default
If the server has no ssl config - there's no need to load a config file
full of ssl config
2014-07-28 14:44:28 +00:00
AD7six 72f9509a5e disable ssl_session_tickets
it's only recently added so is a config error otherwise
2014-07-28 14:42:35 +00:00
AD7six 7295a765ee add stubs for ssl-stapling and spdy 2014-07-28 14:38:22 +00:00
AD7six 759bf84163 Default to use HTTP strict transport security 2014-07-28 14:30:00 +00:00
AD7six 398036440b add increased ssl timeout 2014-07-28 14:29:04 +00:00
AD7six d996d2da0c turn off ssl session tickets
Stolen from istlsfastyet.com's config

It is probably a more logical default to turn off session tickets
given the diff linked in the comment block.
2014-07-28 14:20:58 +00:00
AD7six 08d4bbbd04 remove SSLv3 from the ssl protocol list
As suggested in #44, and since h5bp doesn't support IE6 it seems to be
appropriate to remove a protocol which is in the list only to permit use
with IE6.
2014-07-28 14:16:09 +00:00
AD7six 029ff47286 move ssl config to a separate file 2014-07-28 14:08:19 +00:00
AD7six 5142e91ecf Remove tcp_nodelay
The Nagle buffering algorithm is apparently that the best thing
to enable by default.

closes #28
2014-07-28 13:52:39 +00:00
Syed I.R 7cae83a0cf Fix typo, Update/Add Nginx Command to test a particular config file, Update Restart Command & Comments. 2014-07-28 13:43:34 +00:00
Syed I.R fc53165d01 Format README, Add Verify Config & Restart Nginx Command. 2014-07-28 13:43:34 +00:00
Marvin Roger 03dc5e07e6 Fix typo
Close h5bp/server-configs-nginx#48.
2014-06-26 22:42:12 +03:00
Syed I.R 2f57c32060 Make minor format related improvement in README.md 2014-06-22 22:08:03 +03:00
AD7six bf0e3657f9 apply cross-domain changes proposed in #23
closes #23
2014-04-08 10:13:29 +00:00
Andy Dawson 46e4d5b30b Merge pull request #36 from mediochrea/master
Added missing semicolon, removed text/html charset
2014-01-31 10:40:40 -08:00
Odontopera Mediochrea fa41e580df Added missing semicolon, removed text/html charset
I believe the error was because text/html is implied by default.
2014-01-30 23:23:31 +02:00
Andy Dawson 1a08f51108 Merge pull request #34 from h5bp/charset_types
Fix charset_types as mime.types is updated
2014-01-28 13:28:10 -08:00
Andy Dawson 5451d17260 Correct link to documentation. 2014-01-28 22:25:39 +01:00
Andy Dawson d34033193f Merge pull request #31 from alimony/patch-1
Fix broken documentation link.
2014-01-28 13:25:07 -08:00
Andy Dawson b1549a8438 Merge pull request #35 from ChrisMcKee/patch-1
ssl_ciphers update
2014-01-28 13:17:10 -08:00
Chris McKee 91cac519ef ssl_ciphers update
Updated ciphers to provide forwarding secrecy, a wider range of support and to match those provided by Mozilla security https://wiki.mozilla.org/Security/Server_Side_TLS#Nginx
2014-01-27 13:54:16 +00:00
Andy Dawson e1ff007951 Merge pull request #32 from Slix/patch-1
Fix spelling errors in nginx config docs.
2014-01-21 08:47:56 -08:00
Tsz Ming WONG e44a8ad34b Fix charset_types as mime.types is updated 2014-01-16 11:10:49 +02:00