Steve Kamerman
dfdd67f5a4
Implemented background dhparam generation
2017-01-11 22:43:09 -05:00
Steve Kamerman
f186815c2d
Merged upstream
2017-01-11 22:42:35 -05:00
Jason Wilder
3d20c626c8
Merge pull request #359 from sw-double/master
...
Set appropriate X-Forwarded-Ssl header
2017-01-10 09:21:19 -07:00
Konstantin L
16c9853dc2
Set appropriate X-Forwarded-Ssl header.
2017-01-10 15:44:02 +01:00
Thomas LÉVEIL
019fa89c53
add comment to ease debugging
2017-01-10 10:10:46 +01:00
Thomas LEVEIL
1bfc1c85ce
fix regexp in VIRTUAL_HOST using end-of-string matching ()
2017-01-08 01:49:05 +01:00
Steve Kamerman
b0de80d46b
Moved config edits from Dockerfile to template
2016-10-03 10:21:31 -04:00
Steve Kamerman
d3a0da451a
TLSv1 End-of-life pushed to June 30, 2018, rolled back for compatibility
2016-09-29 21:35:37 -04:00
Steve Kamerman
c51c9980cf
Removed TLS 1.0 as it is considered unsafe and must be disabled for PCI compliance
2016-09-29 19:52:20 -04:00
Steve Kamerman
6f2b3f1c54
Issue #586 Removed DES-based SSL ciphers
2016-09-29 17:10:17 -04:00
Steve Kamerman
9ef0bb3356
Comment typo
2016-09-29 16:06:53 -04:00
Steve Kamerman
124b8cd757
Honor upstream forwarded port if available
2016-09-29 11:33:21 -04:00
Steve Kamerman
6ebbdb10c7
Merge branch 'master' into feature_x_forwarded_port
2016-09-29 11:26:51 -04:00
Chulki Lee
4661bf4dd9
add ssl_session_tickets to default site
...
Fixes #580
2016-09-23 21:58:09 -07:00
pvlg
fe9a538ec8
Replace "replace" to "trimSuffix"
...
I have a domain key-mydomain.com. When I add domain www.key-mydomain.com with ssl cert I did not get the desired result. Function replace cut name ssl cert "www.key-mydomain.com.key" to "www-mydomain.com".
2016-09-17 16:53:01 +03:00
mplx
37323320c8
do not enable HSTS for subdomains
2016-09-12 09:46:59 +02:00
Jason Wilder
ec7169c112
Merge pull request #323 from pabra/master
...
connect to uWSGI backends
2016-09-09 14:16:08 -06:00
Ruben
87879c1ee2
Update ciphers and HTST settings to get A+ rating
...
The default config gets you an 'A' rating. Cipher settings are copied from [Mozilla SSL Configartion Generator](https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=nginx-1.10.1&openssl=1.0.1t&hsts=yes&profile=intermediate )
2016-09-01 11:34:56 +02:00
Steve Kamerman
2e29168d92
Added X-Forwarded-Port
2016-07-21 11:23:35 -04:00
Steve Kamerman
fd127517b9
Added comments about httpoxy
2016-07-19 11:03:41 -04:00
Steve Kamerman
357d58ad97
Mitigate httpoxy attack (httpoxy.org, CVE-2016-(5385-5388,1000109-1000110)
2016-07-18 13:34:37 -04:00
Jason Wilder
580517725f
Revert 9c93efa
2016-06-13 00:10:49 -06:00
Jason Wilder
d1e6e1c0be
Merge pull request #344 from schmunk42/feature/error-code
...
changed error code for non-usable/default SSL cert, fixes #341
2016-06-12 15:54:40 -06:00
Jason Wilder
fc619d63ad
Merge pull request #460 from kumy/patch-1
...
Fix a typo in comment
2016-06-12 15:28:40 -06:00
Jason Wilder
c36b42933d
Merge pull request #462 from kamermans/master
...
Disable HSTS when HTTPS_METHOD=noredirect
2016-06-12 15:28:08 -06:00
Jason Wilder
9c93efaef9
Fix template error when /etc/nginx/certs does not exist
2016-06-12 14:10:40 -06:00
Steve Kamerman
da3e257843
Removed HSTS when HTTPS_METHOD=noredirect, added tests, improved docs wrt HSTS
2016-05-19 23:20:43 -04:00
kumy
8c76ea9f9b
Fix a typo in comment
2016-05-17 01:46:46 +02:00
Jason Wilder
5b9264d945
Merge pull request #298 from kamermans/master
...
Added env var to disable SSL redirect
2016-05-01 17:45:45 -06:00
Baptiste Donaux
ebab7cf2b9
[TEMPLATE] fix variable call
2016-02-23 13:59:30 +01:00
Baptiste Donaux
658e20f661
Support container in one network shared with current container
2016-02-05 09:16:43 +01:00
Tobias Munk
b4e5f780e3
changed error code for non-usable/default SSL cert, fixes #341
2016-01-21 12:31:03 +01:00
Baptiste Donaux
a66115f560
Use new Network interface to support new overlay network
2016-01-17 12:29:55 +01:00
pabra
51c219d651
connect to uWSGI backends
2015-12-22 21:20:44 +01:00
Steve Kamerman
97c6340a9f
Implemented HTTPS noredir
2015-11-20 17:37:06 -05:00
Steve Kamerman
9dd6ad8503
First try at HTTPS_METHOD
2015-11-20 16:53:50 -05:00
Marius Gundersen
1e0b930174
trim whitespace from host and port
...
based on latest docker-gen
2015-10-13 21:48:59 +02:00
Jonas Svatos
5c2280df84
fix condition for default config location
...
Signed-off-by: Jonas Svatos <jonas.svatos@etnetera.cz>
2015-10-08 12:03:28 +02:00
Mike Dillon
6b5e12a946
Add missing access_log statement to HTTPS fallback
2015-10-06 21:18:00 -07:00
Aleš Roubíček
e06d5917a2
Use HTTP/2 instead of SPDY
2015-09-23 17:48:40 +02:00
Aleš Roubíček
249fb204f1
Use HTTP/2 instead of SPDY
2015-09-23 17:47:18 +02:00
Jason Wilder
8c193ba7e1
Merge pull request #215 from gradecam/feature/customize_improvements
...
customizability improvements
2015-09-12 15:23:53 -06:00
Jason Wilder
bddb647b5f
Merge pull request #230 from appropriate/remove_duplicate_access_log_entries
...
Remove duplicate access log entries
2015-09-12 15:12:31 -06:00
Mike Dillon
900a676af8
Move access_log from the http level to server
...
This prevents duplicate access_log entries from being written for each request
2015-09-03 08:33:33 -07:00
CoreOS Admin
ae0da36d75
Fix bugs in config file from refactor
2015-08-29 18:38:43 -06:00
Ray Walker
d066bd32e0
Fix for #188 - add SSL server block outside hosts loop
2015-08-26 18:35:47 +10:00
Ray Walker
d3f56468b1
Fix for #188 - remove hostname from default SSL block
2015-08-26 12:49:59 +10:00
Mike Dillon
924fcd7984
Remove error_log setting from nginx.tmpl
...
It's already set correctly in nginx.conf
2015-08-23 09:00:23 -07:00
Richard Bateman
405f4876b9
As per pull request feedback, update names to be consistent
2015-08-14 12:26:19 -06:00
Richard Bateman
d9ee7ed704
Add support for adding options to the location block of a vhost
2015-08-14 12:26:19 -06:00