tarrien/Mastodon
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
12,637 Commits 10 Branches 0 Tags
23fcf7869ee86e0d6b6bb81bfd1f1339b6192a49
Commit Graph

12 Commits

Author SHA1 Message Date
keiya
53817294fc Fix nginx location matching (#20198) 2022-11-09 04:12:57 +01:00
Rob Petti
8c81db5a41 allow /api/v1/streaming to be used as per documentation (#19896) 2022-11-07 03:16:44 +01:00
Yurii Izorkin
a449ee8654 nginx: optimize locations (#19438) 
* nginx: optimize locations

* nginx: don't use regex in locations

* nginx: optimize Cache-Control headaers

* nginx: use 404 error_page for missing static files

* nginx: sort locations

* nginx: add missing HSTS header
 2022-10-29 15:06:23 +02:00
Shlee
c7bab3318e Remove duplicate HSTS headers from nginx.conf (#19018) 
* Update nginx.conf

* Update nginx.conf

* Update nginx.conf
 2022-10-27 16:58:49 +02:00
LinAGKar
48caeb9d65 Also compress SVG and ICO images in nginx (#17651) 2022-02-26 17:27:11 +01:00
Peter Dave Hello
a2afcac7d9 Make sure nginx always send HSTS header (#16633) 
By default, it'll only send those headers when the response code is one of the following:
- 200, 201, 204, 206, 301, 302, 303, 304, 307 & 308

As all the traffics should be https, the http protocol only exists to do 301 redirect,
and always send the HSTS header is almost one of the best practices, we should set
nginx to do so.

Reference:
- https://nginx.org/en/docs/http/ngx_http_headers_module.html#add_header
- https://ssl-config.mozilla.org/
 2021-08-20 10:54:11 +01:00
Peter Dave Hello
e03dc3956f Disable nginx ssl_session_tickets for better security (#16632) 
It's default turned on, but it's better to turn it off for security reason.

Reference:
- https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_tickets
- https://github.com/mozilla/server-side-tls/issues/135
 2021-08-20 08:15:07 +01:00
Cecylia Bocovich
38bc4b9562 Set X-Forwarded-Proto to request scheme (#15310) (#15498) 
This fixes a bug that prevents logins to mastodon onion services. The
nginx directive assumed all requests were made over https, causing a
domain mismatch for onion services that have https redirects disabled.
The fix more correctly sets X-Forwarded-Proto to the actual scheme used
in the request.
 2021-01-05 22:25:07 +01:00
Shlee
514cd874a7 Update nginx.conf (#13066) 2020-03-08 16:04:25 +01:00
ichi_i
49f57b5534 Add TLS v1.3 support (#11603) 
Maintain TLS v1.2 compatibility (might want to drop this later) and add support for TLS v1.3
 2019-08-30 07:42:50 +02:00
Eugen Rochko
b7379da6cc Cache error 410 responses in recommended nginx configuration (#10425) 2019-03-30 03:14:31 +01:00
Eugen Rochko
6465972caf Add nginx and systemd templates (#8770) 
So they can be copied during installation instead of looking
them up in the documentation

Make default sidekiq configuration use weighted queues

Remove deprecated docs directory
 2018-09-24 16:46:05 +02:00