f1e7b85323
Regenreate change log
2017-05-06 17:21:55 +00:00
3bda5b93ed
Add defaults to all directives in nginx.conf
...
The reason most of these are changed is already covered by the existing
doc block
closes #127
2017-05-06 18:30:09 +02:00
eca3919c88
Merge pull request #155 from electerious/patch-1
...
Updated gzip_types and charset_types code convention
2017-05-06 17:58:03 +02:00
bede62c386
Merge pull request #151 from JoeArizona/patch-1
...
Added mime types for JPEG-XR, markdown, and CSV
2017-05-06 17:57:06 +02:00
ba73ae2f89
Merge pull request #142 from pentago/spdy-off
...
Removed SPDY support as we're using HTTP/2 now.
2017-05-06 17:51:38 +02:00
34c2114527
Don't need that expires
2017-05-06 17:49:43 +02:00
d2f4e5c68f
Remove cache-control public and better handle svgz files
...
Fixes : #86
Fixes : #134
2017-05-06 17:48:07 +02:00
351e70671e
Don't use expire headers in doc examples
2017-05-06 17:43:34 +02:00
1cc4b14e51
Merge pull request #168 from alanorth/cache-control-public
...
Use Cache-Control instead of Expires
2017-05-06 17:39:38 +02:00
c96e0adf12
Enable IPv6 for no-default
2017-05-06 17:22:11 +02:00
391375e1e7
Merge pull request #171 from quantumpacket/patch-1
...
Remove Unnecessary Trailing Semicolon
2017-05-06 17:01:07 +02:00
780aceba92
Merge pull request #172 from quantumpacket/patch-2
...
Update ssl_ciphers To Latest Mozilla Intermediate
2017-05-06 16:59:17 +02:00
1648e2f0d4
Update ssl_ciphers To Latest Mozilla Intermediate
...
Updates to latest ciphers list for Mozilla Intermediate, which also adds support for ChaCha20 and Poly1305.
2017-01-08 12:18:04 -05:00
9c7e84f54f
Remove Unnecessary Trailing Semicolon
...
No need to add a semicolon for the last directive. In addition, having that unnecessary semicolon causes the HSTS tool (https://hstspreload.org/ ) for getting on the preload list to fail with an error about the semicolon.
2017-01-07 12:10:02 -05:00
fd84b1f429
Use Cache-Control max-age instead of Expires headers
...
Cache-Control max-age was introduced in HTTP/1.1 over ten years ago
and is preferred to Expires. This replaces all expiry dates with an
equivalent max-age in seconds.
See: https://developers.google.com/web/fundamentals/performance/optimizing-content-efficiency/http-caching
See: https://www.mnot.net/blog/2007/05/15/expires_max-age
2016-11-15 15:46:34 +02:00
b0c1406cf9
Remove references to Cache-Control public
...
A previous commit removed some, but missed these. Where a location
directive was using Expires to set a future expiry in conjunction
with Cache-Control public, I have replaced the time with an equal
max-age.
Furthermore, Google's web performance guide says that "public" is
implicit if there is a max-age specified.
See: https://developers.google.com/web/fundamentals/performance/optimizing-content-efficiency/http-caching
2016-11-15 15:37:26 +02:00
cb3dc0554e
Merge pull request #148 from leonklingele/add-header-always
...
Always add security-relevant headers to the response, regardless of the response code (implements #147 )
2016-09-09 16:39:54 +02:00
294e08557c
Updated gzip_types and charset_types
...
… both are now using the same coding convention. Each type in its own row and `text/html` comment at the top (where all comments are placed).
2016-08-20 17:17:01 +02:00
9821896b9b
Added mime types for JPEG-XR, markdown, and CSV
...
JPEG-XR: http://www.iana.org/assignments/provisional-standard-media-types/provisional-standard-media-types.xhtml
Markdown: https://tools.ietf.org/html/rfc7763
CSV: https://tools.ietf.org/html/rfc7111
2016-07-31 17:31:53 -07:00
934eaf3f87
Always add security-relevant headers to the response, regardless of the response code (implements #147 )
...
From nginx' add_header documentation:
```
add_header Adds the specified field to a response header provided that
the response code equals 200, 201, 204, 206, 301, 302, 303, 304, or 307.
```
At least for all security-relevant headers this should not be the case
and the header should always be added.
2016-07-07 13:29:58 +02:00
3f4719b79a
Merge pull request #145 from Cloudoki/gitignore-sites-enabled
...
ignore files in sites-enabled
2016-06-30 16:14:35 +02:00
fcc2657585
gitignore already tracked
2016-06-30 14:29:39 +01:00
678951333a
Merge pull request #146 from Cloudoki/typo
...
fix missing ;
2016-06-30 15:23:58 +02:00
58e6af626e
ignore files in sites-enabled
2016-06-30 13:37:50 +01:00
60b272a2d3
fix missing ;
2016-06-30 13:32:40 +01:00
993b807c8e
Merge pull request #144 from appleboy/patch-2
...
Fixed #143 issue: Fix typo
2016-06-27 12:25:46 +02:00
ebdb5f091e
Fixed #143 issue: Fix typo
2016-06-19 16:32:17 +08:00
046aaaee84
Removed SPDY support as we're using HTTP/2 now. Ref: df102c6
2016-06-13 20:31:13 +02:00
0bb5924b2a
Whitespace
2016-06-08 10:06:48 +02:00
f44d0305a0
Add a failing example
2016-06-08 10:06:16 +02:00
6b17b6025c
Show a successful example
2016-06-08 10:04:15 +02:00
bcdb8cd2bf
Now irrelevant
2016-06-08 10:01:27 +02:00
b8fdd45542
Remove access log for probably-not-static files
...
closes #131
2016-06-08 09:55:58 +02:00
d84f80ac98
Remove cache-control public
...
Closes #134
2016-06-08 09:55:00 +02:00
025b203b19
preload added to ssl.conf
2016-06-08 09:44:09 +02:00
7a0e282dd0
Add an ssl no-default example
...
I.e. an example of this:
-> curl -kI -H "Host: valid.com" https://localhost
HTTP/1.1 200 OK
...
-> curl -kI -H "Host: invalid.com" https://localhost
curl: (52) Empty reply from server
Whether this works or not depends on SNI.
2016-06-08 09:36:39 +02:00
6be3c46535
Merge pull request #138 from Buzut/master
...
Updated ssl.exemple.com to use http2 instead of spdy
2016-06-08 09:29:16 +02:00
ef96c5599f
Merge pull request #140 from ebgranger/feature/fixing-getting-started-documentation
...
documentation inconsistent with file structure
2016-06-08 09:26:45 +02:00
4300d7d402
Merge pull request #139 from cdchapman/hsts-includeSubDomains
...
Fix capitalization of includeSubDomains
2016-06-08 09:25:33 +02:00
ea87f60b29
documentation inconsistent with file structure
2016-06-07 16:07:49 -04:00
09f500815c
Fix capitalization of includeSubDomains
2016-06-04 12:22:43 -06:00
df102c6252
Updated ssl.exemple.com to use http2 instead of spdy
...
http2 is available in nginx since nginx 1.9.5. Therefor it's better to use the standard.
2016-05-25 15:02:34 +02:00
49aac21945
Merge pull request #133 from alanorth/keepalive-timeout-syntax
...
Correct syntax for keepalive_timeout
2016-03-24 18:00:01 +01:00
daea8eb54b
Merge pull request #129 from davisonio/specify-conf-defaults
...
Improve comments in nginx.conf
2016-03-24 17:59:35 +01:00
73db8ccfd2
Fix typo
2016-03-22 15:27:19 +00:00
605ec6f8c3
Improve comments in nginx.conf
2016-03-22 15:27:18 +00:00
ec4e0303f4
Correct syntax for keepalive_timeout
...
It doesn't seem to be a fatal error, but the keepalive_timeout
value actually requires "s" (for seconds). Another occurence of
this was fixed in 35434b3361http://nginx.org/en/docs/http/ngx_http_core_module.html#keepalive_timeout
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2016-03-14 10:25:01 +02:00
66d0c463e0
Merge pull request #128 from corbanmailloux/patch-1
...
Single capitalization fix
2016-01-29 21:17:14 +01:00
029821b1a8
Merge pull request #130 from davisonio/specify-keepalive_timeout
...
Specify that keepalive_timeout is in seconds
2016-01-29 21:11:41 +01:00
740ba774f5
Merge pull request #124 from appleboy/patch-3
...
fix format.
2016-01-29 21:10:25 +01:00
Andy Dawson