0ri0n
1648e2f0d4
Update ssl_ciphers To Latest Mozilla Intermediate
Updates to latest ciphers list for Mozilla Intermediate, which also adds support for ChaCha20 and Poly1305.
2017-01-08 12:18:04 -05:00
0ri0n
9c7e84f54f
Remove Unnecessary Trailing Semicolon
No need to add a semicolon for the last directive. In addition, having that unnecessary semicolon causes the HSTS tool (https://hstspreload.org/) for getting on the preload list to fail with an error about the semicolon.
2017-01-07 12:10:02 -05:00
Alan Orth
fd84b1f429
Use Cache-Control max-age instead of Expires headers
Cache-Control max-age was introduced in HTTP/1.1 over ten years ago
and is preferred to Expires. This replaces all expiry dates with an
equivalent max-age in seconds.
See: https://developers.google.com/web/fundamentals/performance/optimizing-content-efficiency/http-caching
See: https://www.mnot.net/blog/2007/05/15/expires_max-age
2016-11-15 15:46:34 +02:00
Alan Orth
b0c1406cf9
Remove references to Cache-Control public
A previous commit removed some, but missed these. Where a location
directive was using Expires to set a future expiry in conjunction
with Cache-Control public, I have replaced the time with an equal
max-age.
Furthermore, Google's web performance guide says that "public" is
implicit if there is a max-age specified.
See: https://developers.google.com/web/fundamentals/performance/optimizing-content-efficiency/http-caching
2016-11-15 15:37:26 +02:00
Andy Dawson
cb3dc0554e
Merge pull request #148 from leonklingele/add-header-always
Always add security-relevant headers to the response, regardless of the response code (implements #147)
2016-09-09 16:39:54 +02:00
Tobias Reich
294e08557c
Updated gzip_types and charset_types
… both are now using the same coding convention. Each type in its own row and `text/html` comment at the top (where all comments are placed).
2016-08-20 17:17:01 +02:00
JoeArizona
9821896b9b
Added mime types for JPEG-XR, markdown, and CSV
JPEG-XR: http://www.iana.org/assignments/provisional-standard-media-types/provisional-standard-media-types.xhtml
Markdown: https://tools.ietf.org/html/rfc7763
CSV: https://tools.ietf.org/html/rfc7111
2016-07-31 17:31:53 -07:00
Leon Klingele
934eaf3f87
Always add security-relevant headers to the response, regardless of the response code (implements #147)
From nginx' add_header documentation:
```
add_header Adds the specified field to a response header provided that
the response code equals 200, 201, 204, 206, 301, 302, 303, 304, or 307.
```
At least for all security-relevant headers this should not be the case
and the header should always be added.
2016-07-07 13:29:58 +02:00
Andy Dawson
3f4719b79a
Merge pull request #145 from Cloudoki/gitignore-sites-enabled
ignore files in sites-enabled
2016-06-30 16:14:35 +02:00
Edgar Ribeiro
fcc2657585
gitignore already tracked
2016-06-30 14:29:39 +01:00
Andy Dawson
678951333a
Merge pull request #146 from Cloudoki/typo
fix missing ;
2016-06-30 15:23:58 +02:00
Edgar Ribeiro
58e6af626e
ignore files in sites-enabled
2016-06-30 13:37:50 +01:00
Edgar Ribeiro
60b272a2d3
fix missing ;
2016-06-30 13:32:40 +01:00
Andy Dawson
993b807c8e
Merge pull request #144 from appleboy/patch-2
Fixed #143 issue: Fix typo
2016-06-27 12:25:46 +02:00
Bo-Yi Wu
ebdb5f091e
Fixed #143 issue: Fix typo
2016-06-19 16:32:17 +08:00
Pentago
046aaaee84
Removed SPDY support as we're using HTTP/2 now. Ref: df102c6
2016-06-13 20:31:13 +02:00
Andy Dawson
0bb5924b2a
Whitespace
2016-06-08 10:06:48 +02:00
Andy Dawson
f44d0305a0
Add a failing example
2016-06-08 10:06:16 +02:00
Andy Dawson
6b17b6025c
Show a successful example
2016-06-08 10:04:15 +02:00
Andy Dawson
bcdb8cd2bf
Now irrelevant
2016-06-08 10:01:27 +02:00
Andy Dawson
b8fdd45542
Remove access log for probably-not-static files
closes #131
2016-06-08 09:55:58 +02:00
Andy Dawson
d84f80ac98
Remove cache-control public
Closes #134
2016-06-08 09:55:00 +02:00
root
025b203b19
preload added to ssl.conf
2016-06-08 09:44:09 +02:00
Andy Dawson
7a0e282dd0
Add an ssl no-default example
I.e. an example of this:
```
-> curl -kI -H "Host: valid.com" https://localhost
HTTP/1.1 200 OK
...
-> curl -kI -H "Host: invalid.com" https://localhost
curl: (52) Empty reply from server
```
Whether this works or not depends on SNI.
2016-06-08 09:36:39 +02:00
Andy Dawson
6be3c46535
Merge pull request #138 from Buzut/master
Updated ssl.exemple.com to use http2 instead of spdy
2016-06-08 09:29:16 +02:00
Andy Dawson
ef96c5599f
Merge pull request #140 from ebgranger/feature/fixing-getting-started-documentation
documentation inconsistent with file structure
2016-06-08 09:26:45 +02:00
Andy Dawson
4300d7d402
Merge pull request #139 from cdchapman/hsts-includeSubDomains
Fix capitalization of includeSubDomains
2016-06-08 09:25:33 +02:00
Edward Granger
ea87f60b29
documentation inconsistent with file structure
2016-06-07 16:07:49 -04:00
Chris Chapman
09f500815c
Fix capitalization of includeSubDomains
2016-06-04 12:22:43 -06:00
Buzut
df102c6252
Updated ssl.exemple.com to use http2 instead of spdy
http2 is available in nginx since nginx 1.9.5. Therefore it's better to use the standard.
2016-05-25 15:02:34 +02:00
Andy Dawson
49aac21945
Merge pull request #133 from alanorth/keepalive-timeout-syntax
Correct syntax for keepalive_timeout
2016-03-24 18:00:01 +01:00
Andy Dawson
daea8eb54b
Merge pull request #129 from davisonio/specify-conf-defaults
Improve comments in nginx.conf
2016-03-24 17:59:35 +01:00
Craig Davison
73db8ccfd2
Fix typo
2016-03-22 15:27:19 +00:00
Craig Davison
605ec6f8c3
Improve comments in nginx.conf
2016-03-22 15:27:18 +00:00
Alan Orth
ec4e0303f4
Correct syntax for keepalive_timeout
It doesn't seem to be a fatal error, but the keepalive_timeout
value actually requires "s" (for seconds). Another occurrence of
this was fixed in 35434b3361 but these slipped through.
See: http://nginx.org/en/docs/http/ngx_http_core_module.html#keepalive_timeout
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2016-03-14 10:25:01 +02:00
Andy Dawson
66d0c463e0
Merge pull request #128 from corbanmailloux/patch-1
Single capitalization fix
2016-01-29 21:17:14 +01:00
Andy Dawson
029821b1a8
Merge pull request #130 from davisonio/specify-keepalive_timeout
Specify that keepalive_timeout is in seconds
2016-01-29 21:11:41 +01:00
Andy Dawson
740ba774f5
Merge pull request #124 from appleboy/patch-3
fix format.
2016-01-29 21:10:25 +01:00
Craig Davison
7c3a67131c
Change default value in comment
2016-01-23 14:05:55 +00:00
Craig Davison
35434b3361
Specify that keepalive_timeout is in seconds
2016-01-23 13:59:22 +00:00
Corban Mailloux
1329a12ff3
Single capitalization fix
2016-01-22 15:05:01 -05:00
Bo-Yi Wu
3270937c3a
fix format.
Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
2015-12-04 22:25:31 +08:00
Andy Dawson
6e4b16c4cf
Merge pull request #122 from beilharz/patch-1
Update nginx.conf: Typo in a comment
2015-12-03 11:51:05 +01:00
Andy Dawson
181de133f3
Merge pull request #123 from appleboy/patch-1
Add white space for comment.
2015-12-03 11:50:35 +01:00
Bo-Yi Wu
d5b5bf9e18
Add white space for comment.
2015-12-01 10:38:42 +08:00
beilharz
5934741e15
Update nginx.conf
Typo: sites-available should be sites-enabled
2015-11-25 09:49:15 +01:00
Andy Dawson
82181a672a
Merge pull request #119 from Francisc/patch-1
Minor typo fix
2015-11-16 09:23:02 +01:00
Francisc Romano
d554c7c582
Miiiiiiiiiiiiiinor typo fix
2015-11-02 14:03:25 +02:00
Andy Dawson
94b3680c9d
Merge pull request #105 from Cryszon/patch-1
Updated locations to match h5bp's Apache config
2015-09-11 10:55:01 +02:00
Andy Dawson
e2ab3b5800
Merge pull request #112 from philippbecker/mime-types
Update media types
2015-09-11 10:49:24 +02:00