89 Commits

Author	SHA1	Message	Date
Jason Wilder	3d20c626c8	Merge pull request #359 from sw-double/master ... Set appropriate X-Forwarded-Ssl header	2017-01-10 09:21:19 -07:00
Konstantin L	16c9853dc2	Set appropriate X-Forwarded-Ssl header.	2017-01-10 15:44:02 +01:00
Thomas LÉVEIL	019fa89c53	add comment to ease debugging	2017-01-10 10:10:46 +01:00
Thomas LEVEIL	1bfc1c85ce	fix regexp in VIRTUAL_HOST using end-of-string matching ()	2017-01-08 01:49:05 +01:00
Steve Kamerman	9ef0bb3356	Comment typo	2016-09-29 16:06:53 -04:00
Steve Kamerman	124b8cd757	Honor upstream forwarded port if available	2016-09-29 11:33:21 -04:00
Steve Kamerman	6ebbdb10c7	Merge branch 'master' into feature_x_forwarded_port	2016-09-29 11:26:51 -04:00
Chulki Lee	4661bf4dd9	add ssl_session_tickets to default site ... Fixes #580	2016-09-23 21:58:09 -07:00
pvlg	fe9a538ec8	Replace "replace" to "trimSuffix" ... I have a domain key-mydomain.com. When I add domain www.key-mydomain.com with ssl cert I did not get the desired result. Function replace cut name ssl cert "www.key-mydomain.com.key" to "www-mydomain.com".	2016-09-17 16:53:01 +03:00
mplx	37323320c8	do not enable HSTS for subdomains	2016-09-12 09:46:59 +02:00
Jason Wilder	ec7169c112	Merge pull request #323 from pabra/master ... connect to uWSGI backends	2016-09-09 14:16:08 -06:00
Ruben	87879c1ee2	Update ciphers and HTST settings to get A+ rating ... The default config gets you an 'A' rating. Cipher settings are copied from [Mozilla SSL Configartion Generator](https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=nginx-1.10.1&openssl=1.0.1t&hsts=yes&profile=intermediate)	2016-09-01 11:34:56 +02:00
Steve Kamerman	2e29168d92	Added X-Forwarded-Port	2016-07-21 11:23:35 -04:00
Steve Kamerman	fd127517b9	Added comments about httpoxy	2016-07-19 11:03:41 -04:00
Steve Kamerman	357d58ad97	Mitigate httpoxy attack (httpoxy.org, CVE-2016-(5385-5388,1000109-1000110)	2016-07-18 13:34:37 -04:00
Jason Wilder	580517725f	Revert 9c93efa	2016-06-13 00:10:49 -06:00
Jason Wilder	d1e6e1c0be	Merge pull request #344 from schmunk42/feature/error-code ... changed error code for non-usable/default SSL cert, fixes #341	2016-06-12 15:54:40 -06:00
Jason Wilder	fc619d63ad	Merge pull request #460 from kumy/patch-1 ... Fix a typo in comment	2016-06-12 15:28:40 -06:00
Jason Wilder	c36b42933d	Merge pull request #462 from kamermans/master ... Disable HSTS when HTTPS_METHOD=noredirect	2016-06-12 15:28:08 -06:00
Jason Wilder	9c93efaef9	Fix template error when /etc/nginx/certs does not exist	2016-06-12 14:10:40 -06:00
Steve Kamerman	da3e257843	Removed HSTS when HTTPS_METHOD=noredirect, added tests, improved docs wrt HSTS	2016-05-19 23:20:43 -04:00
kumy	8c76ea9f9b	Fix a typo in comment	2016-05-17 01:46:46 +02:00
Jason Wilder	5b9264d945	Merge pull request #298 from kamermans/master ... Added env var to disable SSL redirect	2016-05-01 17:45:45 -06:00
Baptiste Donaux	ebab7cf2b9	[TEMPLATE] fix variable call	2016-02-23 13:59:30 +01:00
Baptiste Donaux	658e20f661	Support container in one network shared with current container	2016-02-05 09:16:43 +01:00
Tobias Munk	b4e5f780e3	changed error code for non-usable/default SSL cert, fixes #341	2016-01-21 12:31:03 +01:00
Baptiste Donaux	a66115f560	Use new Network interface to support new overlay network	2016-01-17 12:29:55 +01:00
pabra	51c219d651	connect to uWSGI backends	2015-12-22 21:20:44 +01:00
Steve Kamerman	97c6340a9f	Implemented HTTPS noredir	2015-11-20 17:37:06 -05:00
Steve Kamerman	9dd6ad8503	First try at HTTPS_METHOD	2015-11-20 16:53:50 -05:00
Marius Gundersen	1e0b930174	trim whitespace from host and port ... based on latest docker-gen	2015-10-13 21:48:59 +02:00
Jonas Svatos	5c2280df84	fix condition for default config location ... Signed-off-by: Jonas Svatos <jonas.svatos@etnetera.cz>	2015-10-08 12:03:28 +02:00
Mike Dillon	6b5e12a946	Add missing access_log statement to HTTPS fallback	2015-10-06 21:18:00 -07:00
Aleš Roubíček	e06d5917a2	Use HTTP/2 instead of SPDY	2015-09-23 17:48:40 +02:00
Aleš Roubíček	249fb204f1	Use HTTP/2 instead of SPDY	2015-09-23 17:47:18 +02:00
Jason Wilder	8c193ba7e1	Merge pull request #215 from gradecam/feature/customize_improvements ... customizability improvements	2015-09-12 15:23:53 -06:00
Jason Wilder	bddb647b5f	Merge pull request #230 from appropriate/remove_duplicate_access_log_entries ... Remove duplicate access log entries	2015-09-12 15:12:31 -06:00
Mike Dillon	900a676af8	Move access_log from the http level to server ... This prevents duplicate access_log entries from being written for each request	2015-09-03 08:33:33 -07:00
CoreOS Admin	ae0da36d75	Fix bugs in config file from refactor	2015-08-29 18:38:43 -06:00
Ray Walker	d066bd32e0	Fix for #188 - add SSL server block outside hosts loop	2015-08-26 18:35:47 +10:00
Ray Walker	d3f56468b1	Fix for #188 - remove hostname from default SSL block	2015-08-26 12:49:59 +10:00
Mike Dillon	924fcd7984	Remove error_log setting from nginx.tmpl ... It's already set correctly in nginx.conf	2015-08-23 09:00:23 -07:00
Richard Bateman	405f4876b9	As per pull request feedback, update names to be consistent	2015-08-14 12:26:19 -06:00
Richard Bateman	d9ee7ed704	Add support for adding options to the location block of a vhost	2015-08-14 12:26:19 -06:00
Richard Bateman	b131b00e19	Add support for vhosts.d/defaults file with default vhost options ... - Only used if it exists and a vhost-specific one doesn't	2015-08-14 12:26:19 -06:00
Richard Bateman	2eff96969a	Add support for overriding default proxy settings ... - If /etc/nginx/proxy.conf exists use that, otherwise use the default	2015-08-14 12:26:07 -06:00
Wolfgang Ebner	6965b1ead4	fallback when DEFAULT_HOST is not set	2015-07-26 11:38:45 +02:00
Wolfgang Ebner	b0647dd5e9	set default_server also for https	2015-07-24 10:39:56 +02:00
Viranch Mehta	4f5351265a	Use define & template for re-usable blocks of upstream server template	2015-07-15 20:51:10 +05:30
Viranch Mehta	784507df1a	Cascade two else blocks into one using coalesce on VIRTUAL_PORT and 80 ... This also takes care of the case when VIRTUAL_PORT is not actually exposed.	2015-07-11 01:19:44 +05:30