1
0
mirror of https://github.com/thib8956/nginx-proxy synced 2024-11-22 20:06:30 +00:00
Commit Graph

76 Commits

Author SHA1 Message Date
Ruben
87879c1ee2 Update ciphers and HTST settings to get A+ rating
The default config gets you an 'A' rating. Cipher settings are copied from [Mozilla SSL Configartion Generator](https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=nginx-1.10.1&openssl=1.0.1t&hsts=yes&profile=intermediate)
2016-09-01 11:34:56 +02:00
Steve Kamerman
fd127517b9 Added comments about httpoxy 2016-07-19 11:03:41 -04:00
Steve Kamerman
357d58ad97 Mitigate httpoxy attack (httpoxy.org, CVE-2016-(5385-5388,1000109-1000110) 2016-07-18 13:34:37 -04:00
Jason Wilder
580517725f Revert 9c93efa 2016-06-13 00:10:49 -06:00
Jason Wilder
d1e6e1c0be Merge pull request #344 from schmunk42/feature/error-code
changed error code for non-usable/default SSL cert, fixes #341
2016-06-12 15:54:40 -06:00
Jason Wilder
fc619d63ad Merge pull request #460 from kumy/patch-1
Fix a typo in comment
2016-06-12 15:28:40 -06:00
Jason Wilder
c36b42933d Merge pull request #462 from kamermans/master
Disable HSTS when HTTPS_METHOD=noredirect
2016-06-12 15:28:08 -06:00
Jason Wilder
9c93efaef9 Fix template error when /etc/nginx/certs does not exist 2016-06-12 14:10:40 -06:00
Steve Kamerman
da3e257843 Removed HSTS when HTTPS_METHOD=noredirect, added tests, improved docs wrt HSTS 2016-05-19 23:20:43 -04:00
kumy
8c76ea9f9b Fix a typo in comment 2016-05-17 01:46:46 +02:00
Jason Wilder
5b9264d945 Merge pull request #298 from kamermans/master
Added env var to disable SSL redirect
2016-05-01 17:45:45 -06:00
Baptiste Donaux
ebab7cf2b9 [TEMPLATE] fix variable call 2016-02-23 13:59:30 +01:00
Baptiste Donaux
658e20f661 Support container in one network shared with current container 2016-02-05 09:16:43 +01:00
Tobias Munk
b4e5f780e3 changed error code for non-usable/default SSL cert, fixes #341 2016-01-21 12:31:03 +01:00
Baptiste Donaux
a66115f560 Use new Network interface to support new overlay network 2016-01-17 12:29:55 +01:00
Steve Kamerman
97c6340a9f Implemented HTTPS noredir 2015-11-20 17:37:06 -05:00
Steve Kamerman
9dd6ad8503 First try at HTTPS_METHOD 2015-11-20 16:53:50 -05:00
Marius Gundersen
1e0b930174 trim whitespace from host and port
based on latest docker-gen
2015-10-13 21:48:59 +02:00
Jonas Svatos
5c2280df84 fix condition for default config location
Signed-off-by: Jonas Svatos <jonas.svatos@etnetera.cz>
2015-10-08 12:03:28 +02:00
Mike Dillon
6b5e12a946 Add missing access_log statement to HTTPS fallback 2015-10-06 21:18:00 -07:00
Aleš Roubíček
e06d5917a2 Use HTTP/2 instead of SPDY 2015-09-23 17:48:40 +02:00
Aleš Roubíček
249fb204f1 Use HTTP/2 instead of SPDY 2015-09-23 17:47:18 +02:00
Jason Wilder
8c193ba7e1 Merge pull request #215 from gradecam/feature/customize_improvements
customizability improvements
2015-09-12 15:23:53 -06:00
Jason Wilder
bddb647b5f Merge pull request #230 from appropriate/remove_duplicate_access_log_entries
Remove duplicate access log entries
2015-09-12 15:12:31 -06:00
Mike Dillon
900a676af8 Move access_log from the http level to server
This prevents duplicate access_log entries from being written for each request
2015-09-03 08:33:33 -07:00
CoreOS Admin
ae0da36d75 Fix bugs in config file from refactor 2015-08-29 18:38:43 -06:00
Ray Walker
d066bd32e0 Fix for #188 - add SSL server block outside hosts loop 2015-08-26 18:35:47 +10:00
Ray Walker
d3f56468b1 Fix for #188 - remove hostname from default SSL block 2015-08-26 12:49:59 +10:00
Mike Dillon
924fcd7984 Remove error_log setting from nginx.tmpl
It's already set correctly in nginx.conf
2015-08-23 09:00:23 -07:00
Richard Bateman
405f4876b9 As per pull request feedback, update names to be consistent 2015-08-14 12:26:19 -06:00
Richard Bateman
d9ee7ed704 Add support for adding options to the location block of a vhost 2015-08-14 12:26:19 -06:00
Richard Bateman
b131b00e19 Add support for vhosts.d/defaults file with default vhost options
- Only used if it exists and a vhost-specific one doesn't
2015-08-14 12:26:19 -06:00
Richard Bateman
2eff96969a Add support for overriding default proxy settings
- If /etc/nginx/proxy.conf exists use that, otherwise use the default
2015-08-14 12:26:07 -06:00
Wolfgang Ebner
6965b1ead4 fallback when DEFAULT_HOST is not set 2015-07-26 11:38:45 +02:00
Wolfgang Ebner
b0647dd5e9 set default_server also for https 2015-07-24 10:39:56 +02:00
Viranch Mehta
4f5351265a Use define & template for re-usable blocks of upstream server template 2015-07-15 20:51:10 +05:30
Viranch Mehta
784507df1a Cascade two else blocks into one using coalesce on VIRTUAL_PORT and 80
This also takes care of the case when VIRTUAL_PORT is not actually
exposed.
2015-07-11 01:19:44 +05:30
Viranch Mehta
c4923d1f58 Use container host's IP:port if we're connected to a swarm master 2015-07-04 18:43:52 +05:30
Mike Dillon
f36ca3d7a3 Prevent generating broken config
Fixes #115
2015-06-23 17:05:12 -07:00
Kuo-Cheng Yeu
d74a4146c8 fix indention, and file nameing 2015-05-21 23:43:09 +08:00
Kuo-Cheng Yeu
a10d1b50bf add support for ssl_dhparams to prevent 'Logjam' attack 2015-05-21 15:19:58 +08:00
Jason Wilder
503072c03f Merge pull request #72 from BenHall/default_host
Ability to set a default host for nginx
2015-05-14 10:00:04 -06:00
Markus Kosmal
b680fb003e Close marker instead of empty 2015-05-09 23:15:26 +02:00
Kuo-Cheng Yeu
4d2403b5d7 Add SPDY support 2015-04-29 14:41:25 +08:00
Jason Wilder
4a99ac5548 Remove includeSubdomains from HSTS header
includeSubdomains can lead to issues where not all subdomains are
able to use HTTPS.  This options might be too strict for the general
case: https://www.owasp.org/index.php/HTTP_Strict_Transport_Security.
It can be re-enabled w/ a custom template if needed.

Fixes #109
2015-02-28 15:50:59 -07:00
Mike Dillon
aa5dfdb3d5 Fix HTTP->HTTPS redirect for wildcard hosts
Uses Nginx's $host instead of interpolating `{{ $host }}` in the template
2015-02-25 10:29:59 -08:00
Jason Wilder
d831c058f3 Merge pull request #106 from md5/per-vhost-includes
Per VIRTUAL_HOST configuration files
2015-02-23 12:20:55 -07:00
Jason Wilder
c3534b7195 Merge pull request #91 from pirelenito/master
fixes SSL support while mixing HTTPS and non-HTTPS hosts
2015-02-22 15:00:48 -07:00
Mike Dillon
2010332395 Support per-VIRTUAL_HOST Nginx conf files 2015-02-22 09:25:50 -08:00
Mike Dillon
6c3b3c87be Support VIRTUAL_PROTO=https for HTTPS backends 2015-02-14 16:02:39 -08:00