Steve Kamerman
374b1256cd
Add HTTPS_METHOD=https to disable SSL site
2016-10-01 11:22:48 -04:00
Chulki Lee
4661bf4dd9
add ssl_session_tickets to default site
...
Fixes #580
2016-09-23 21:58:09 -07:00
pvlg
fe9a538ec8
Replace "replace" to "trimSuffix"
...
I have a domain key-mydomain.com. When I add domain www.key-mydomain.com with ssl cert I did not get the desired result. Function replace cut name ssl cert "www.key-mydomain.com.key" to "www-mydomain.com".
2016-09-17 16:53:01 +03:00
mplx
37323320c8
do not enable HSTS for subdomains
2016-09-12 09:46:59 +02:00
Jason Wilder
ec7169c112
Merge pull request #323 from pabra/master
...
connect to uWSGI backends
2016-09-09 14:16:08 -06:00
Ruben
87879c1ee2
Update ciphers and HTST settings to get A+ rating
...
The default config gets you an 'A' rating. Cipher settings are copied from [Mozilla SSL Configartion Generator](https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=nginx-1.10.1&openssl=1.0.1t&hsts=yes&profile=intermediate )
2016-09-01 11:34:56 +02:00
Steve Kamerman
fd127517b9
Added comments about httpoxy
2016-07-19 11:03:41 -04:00
Steve Kamerman
357d58ad97
Mitigate httpoxy attack (httpoxy.org, CVE-2016-(5385-5388,1000109-1000110)
2016-07-18 13:34:37 -04:00
Jason Wilder
580517725f
Revert 9c93efa
2016-06-13 00:10:49 -06:00
Jason Wilder
d1e6e1c0be
Merge pull request #344 from schmunk42/feature/error-code
...
changed error code for non-usable/default SSL cert, fixes #341
2016-06-12 15:54:40 -06:00
Jason Wilder
fc619d63ad
Merge pull request #460 from kumy/patch-1
...
Fix a typo in comment
2016-06-12 15:28:40 -06:00
Jason Wilder
c36b42933d
Merge pull request #462 from kamermans/master
...
Disable HSTS when HTTPS_METHOD=noredirect
2016-06-12 15:28:08 -06:00
Jason Wilder
9c93efaef9
Fix template error when /etc/nginx/certs does not exist
2016-06-12 14:10:40 -06:00
Steve Kamerman
da3e257843
Removed HSTS when HTTPS_METHOD=noredirect, added tests, improved docs wrt HSTS
2016-05-19 23:20:43 -04:00
kumy
8c76ea9f9b
Fix a typo in comment
2016-05-17 01:46:46 +02:00
Jason Wilder
5b9264d945
Merge pull request #298 from kamermans/master
...
Added env var to disable SSL redirect
2016-05-01 17:45:45 -06:00
Baptiste Donaux
ebab7cf2b9
[TEMPLATE] fix variable call
2016-02-23 13:59:30 +01:00
Baptiste Donaux
658e20f661
Support container in one network shared with current container
2016-02-05 09:16:43 +01:00
Tobias Munk
b4e5f780e3
changed error code for non-usable/default SSL cert, fixes #341
2016-01-21 12:31:03 +01:00
Baptiste Donaux
a66115f560
Use new Network interface to support new overlay network
2016-01-17 12:29:55 +01:00
pabra
51c219d651
connect to uWSGI backends
2015-12-22 21:20:44 +01:00
Steve Kamerman
97c6340a9f
Implemented HTTPS noredir
2015-11-20 17:37:06 -05:00
Steve Kamerman
9dd6ad8503
First try at HTTPS_METHOD
2015-11-20 16:53:50 -05:00
Marius Gundersen
1e0b930174
trim whitespace from host and port
...
based on latest docker-gen
2015-10-13 21:48:59 +02:00
Jonas Svatos
5c2280df84
fix condition for default config location
...
Signed-off-by: Jonas Svatos <jonas.svatos@etnetera.cz>
2015-10-08 12:03:28 +02:00
Mike Dillon
6b5e12a946
Add missing access_log statement to HTTPS fallback
2015-10-06 21:18:00 -07:00
Aleš Roubíček
e06d5917a2
Use HTTP/2 instead of SPDY
2015-09-23 17:48:40 +02:00
Aleš Roubíček
249fb204f1
Use HTTP/2 instead of SPDY
2015-09-23 17:47:18 +02:00
Jason Wilder
8c193ba7e1
Merge pull request #215 from gradecam/feature/customize_improvements
...
customizability improvements
2015-09-12 15:23:53 -06:00
Jason Wilder
bddb647b5f
Merge pull request #230 from appropriate/remove_duplicate_access_log_entries
...
Remove duplicate access log entries
2015-09-12 15:12:31 -06:00
Mike Dillon
900a676af8
Move access_log from the http level to server
...
This prevents duplicate access_log entries from being written for each request
2015-09-03 08:33:33 -07:00
CoreOS Admin
ae0da36d75
Fix bugs in config file from refactor
2015-08-29 18:38:43 -06:00
Ray Walker
d066bd32e0
Fix for #188 - add SSL server block outside hosts loop
2015-08-26 18:35:47 +10:00
Ray Walker
d3f56468b1
Fix for #188 - remove hostname from default SSL block
2015-08-26 12:49:59 +10:00
Mike Dillon
924fcd7984
Remove error_log setting from nginx.tmpl
...
It's already set correctly in nginx.conf
2015-08-23 09:00:23 -07:00
Richard Bateman
405f4876b9
As per pull request feedback, update names to be consistent
2015-08-14 12:26:19 -06:00
Richard Bateman
d9ee7ed704
Add support for adding options to the location block of a vhost
2015-08-14 12:26:19 -06:00
Richard Bateman
b131b00e19
Add support for vhosts.d/defaults file with default vhost options
...
- Only used if it exists and a vhost-specific one doesn't
2015-08-14 12:26:19 -06:00
Richard Bateman
2eff96969a
Add support for overriding default proxy settings
...
- If /etc/nginx/proxy.conf exists use that, otherwise use the default
2015-08-14 12:26:07 -06:00
Wolfgang Ebner
6965b1ead4
fallback when DEFAULT_HOST is not set
2015-07-26 11:38:45 +02:00
Wolfgang Ebner
b0647dd5e9
set default_server also for https
2015-07-24 10:39:56 +02:00
Viranch Mehta
4f5351265a
Use define & template for re-usable blocks of upstream server template
2015-07-15 20:51:10 +05:30
Viranch Mehta
784507df1a
Cascade two else blocks into one using coalesce on VIRTUAL_PORT and 80
...
This also takes care of the case when VIRTUAL_PORT is not actually
exposed.
2015-07-11 01:19:44 +05:30
Viranch Mehta
c4923d1f58
Use container host's IP:port if we're connected to a swarm master
2015-07-04 18:43:52 +05:30
Mike Dillon
f36ca3d7a3
Prevent generating broken config
...
Fixes #115
2015-06-23 17:05:12 -07:00
Kuo-Cheng Yeu
d74a4146c8
fix indention, and file nameing
2015-05-21 23:43:09 +08:00
Kuo-Cheng Yeu
a10d1b50bf
add support for ssl_dhparams to prevent 'Logjam' attack
2015-05-21 15:19:58 +08:00
Jason Wilder
503072c03f
Merge pull request #72 from BenHall/default_host
...
Ability to set a default host for nginx
2015-05-14 10:00:04 -06:00
Markus Kosmal
b680fb003e
Close marker instead of empty
2015-05-09 23:15:26 +02:00
Kuo-Cheng Yeu
4d2403b5d7
Add SPDY support
2015-04-29 14:41:25 +08:00