AD7six
e8113fa555
Add doc files for sites-enabled|available
2014-10-23 16:18:38 +00:00
AD7six
a873a55be7
Merge branch 'master' of github.com:h5bp/server-configs-nginx
2014-10-23 15:56:40 +00:00
AD7six
17ceffe681
whitespace matters
2014-10-23 15:53:48 +00:00
Andy Dawson
06d1a605cb
Merge pull request #71 from h5bp/content_transformation_and_ngx_pagespeed
...
Add information on `ngx_pagespeed` and content transformation
2014-10-23 17:52:45 +02:00
AD7six
2a852fd5e1
add hotlink protection example
...
closes #7
2014-10-23 15:50:58 +00:00
AD7six
f91d8fe776
Better wording
2014-10-23 15:24:03 +00:00
AD7six
28da5151ed
correct typo
2014-10-23 15:23:29 +00:00
AD7six
f861f2ff01
mention try_files in server context gotcha
2014-10-23 15:21:31 +00:00
AD7six
804ac371bc
dynamicly handling request which match a location block
2014-10-23 15:14:19 +00:00
AD7six
8934017c17
add a document explaining request handling
...
it's not exactly the same as one might expect
2014-10-23 15:07:08 +00:00
Cătălin Mariș
c7a2d3b476
Add info on ngx_pagespeed & content transformation
...
Provide information about `ngx_pagespeed` not rewriting any / some
of the resources if the `Cache-Control: no-transform` response header
is set.
Ref: https://developers.google.com/speed/pagespeed/module/configuration#notransform
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Thanks to @Nikita-S-Doroshenko for pointing this out!
Ref: h5bp/server-configs-apache#46
2014-10-23 14:08:00 +03:00
AD7six
9d38db3969
add a document (stub) for common problems
...
fixes #29
2014-10-23 09:40:45 +00:00
AD7six
c7262a6993
add nginx-conf-md to the toc
2014-10-23 09:30:35 +00:00
AD7six
711e2946e4
add a description of nginx.conf
...
it's not intented to be complete, merely guide users unfamiliar with
nginx.
fixes #39
2014-10-23 09:27:23 +00:00
Andy Dawson
764c707262
Merge pull request #69 from mikealmond/ssl-updates
...
Updated SSL ciphers and added note about POODLE
2014-10-17 21:06:10 +02:00
Andy Dawson
ce3f354ff2
Merge pull request #68 from DanielMarquard/patch-1
...
Removed includeSubDomains, and disable HTST by default
2014-10-16 11:44:53 +02:00
Daniel Marquard
99cdb58475
HSTS off by default
...
Consensus to disable HSTS by default.
2014-10-16 05:40:48 -04:00
Mike Almond
4cd1367b43
Remove quotes from SSL cipher list
2014-10-15 13:47:33 -04:00
Mike Almond
fe256f3be7
Add note about POODLE attack against SSLv3
2014-10-15 11:22:09 -04:00
Mike Almond
25cbfb8942
Update SSL ciphers to the updated defaults by Mozilla
2014-10-15 11:17:04 -04:00
Daniel Marquard
5525eebf2b
Removed "includeSubDomains"
...
As a best practice, Nginx should only direct clients to use the certificate on specified domains. This is because not all servers using other subdomains necessarily listen on 443 and because, unless it is a wildcard certificate, it likely won't be valid on subdomains other than WWW.
2014-10-14 00:16:22 -04:00
Andy Dawson
4ec8f51276
Merge pull request #59 from NotBobTheBuilder/master
...
Enable IPv6 listening
2014-10-01 12:10:40 +02:00
AD7six
537c939e72
Use a more conventional location for sites
...
it's more common (at meast IME) to use /var/www/example.com rather than
creating a new root folder `sites` to put apps in.
2014-10-01 10:03:49 +00:00
Andy Dawson
c0fbc4fd11
Merge pull request #66 from philippbecker/patch-1
...
Fix typo in `getting-started.md`
2014-10-01 10:59:32 +02:00
Philipp Becker
4617fd2e18
Fix typo in `getting-started.md`
...
User and group name should be separated by a space character.
Otherwise, only one value `www-data-www-data` is passed:
"If group is omitted, a group whose name equals that of user is used."
2014-09-30 11:46:34 +02:00
Przemek Matylla
f9b58cd883
Add configs for WOFF 2.0 font files (`.woff2`)
...
Ref: http://www.w3.org/TR/WOFF2/
h5bp/server-configs-apache#32
Close : h5bp/server-configs-nginx#54
2014-09-03 15:31:25 +03:00
Matthew Haughton
b75cbfdafe
Remove Chrome Frame related comment
...
Fix h5bp/server-configs-nginx#30
Close h5bp/server-configs-nginx#62
2014-09-03 15:16:05 +03:00
Jack Wearden
0ccf9b03cb
IPv6 only is the default
2014-08-21 00:32:02 +01:00
Jack Wearden
264738a043
IPv6 only is the default
2014-08-21 00:31:37 +01:00
Jack Wearden
9326c69219
IPv6 support
2014-08-20 23:55:04 +01:00
Jack Wearden
2ac65dbb5d
IPv6 support
2014-08-20 23:54:07 +01:00
Andy Dawson
3db5d61f81
Merge pull request #55 from cannie/patch-1
...
Use relative path for mime.types
2014-08-13 16:23:27 +02:00
Andy Dawson
52ccc699a8
Merge pull request #50 from drewhammond/gzip_http_version
...
Remove gzip_http_version parameter
2014-08-13 16:22:47 +02:00
Andy Dawson
069dd1480c
Merge pull request #53 from giggsey/patch-1
...
Fix 'directive' typo in example ssl config
2014-08-13 16:21:52 +02:00
Vladimir Sazhin
a83dd2d119
Use relative path for mime.types
2014-08-13 15:00:14 +04:00
Joshua Gigg
bf68202033
Fix 'directive' typo
...
Spotted by @honi in #51
2014-08-12 14:03:13 +01:00
Cătălin Mariș
8510caa5c6
Add missing semicolons in `ssl.example.com`
...
Close h5bp/server-configs-nginx#52 .
2014-08-07 15:01:30 +03:00
Drew Hammond
d8891a1b4c
Remove gzip_http_version parameter
...
The gzip_http_version override is no longer needed because CloudFront
now forwards requests using HTTP/1.1. We can remove this line entirely
and let nginx use its default value of 1.1.
2014-07-31 22:48:09 -04:00
AD7six
fc610f495a
Merge branch 'feature/split-ssl'
...
Add ssl config from istlsfastyet.com
Some doc changes needed, but this includes all of the config changes
Closes #44
2014-07-28 15:01:30 +00:00
AD7six
332998a2db
use a much longer ssl_session_timeout
...
To match the settiongs from istlsfastyet.com
Add a mention of ssl_buffer_size even though it can 't be enabled yet
2014-07-28 14:56:27 +00:00
AD7six
aac9d71d54
add ssl example site
...
ensure to avoid any use of if as that's "extremely inefficient" and
eliminate redirects where possible
2014-07-28 14:52:00 +00:00
AD7six
b5004a9b46
don't include ssl config by default
...
If the server has no ssl config - there's no need to load a config file
full of ssl config
2014-07-28 14:44:28 +00:00
AD7six
72f9509a5e
disable ssl_session_tickets
...
it's only recently added so is a config error otherwise
2014-07-28 14:42:35 +00:00
AD7six
7295a765ee
add stubs for ssl-stapling and spdy
2014-07-28 14:38:22 +00:00
AD7six
759bf84163
Default to use HTTP strict transport security
2014-07-28 14:30:00 +00:00
AD7six
398036440b
add increased ssl timeout
2014-07-28 14:29:04 +00:00
AD7six
d996d2da0c
turn off ssl session tickets
...
Stolen from istlsfastyet.com's config
It is probably a more logical default to turn off session tickets
given the diff linked in the comment block.
2014-07-28 14:20:58 +00:00
AD7six
08d4bbbd04
remove SSLv3 from the ssl protocol list
...
As suggested in #44 , and since h5bp doesn't support IE6 it seems to be
appropriate to remove a protocol which is in the list only to permit use
with IE6.
2014-07-28 14:16:09 +00:00
AD7six
029ff47286
move ssl config to a seperate file
2014-07-28 14:08:19 +00:00
AD7six
5142e91ecf
Remove tcp_nodelay
...
The Nagle buffering algorithm is apparently that the best thing
to enable by default.
closes #28
2014-07-28 13:52:39 +00:00