1
0
mirror of https://github.com/thib8956/nginx-proxy synced 2024-11-22 11:56:31 +00:00
Commit Graph

114 Commits

Author SHA1 Message Date
Steve Kamerman
93d90884e2
Implemented NETWORK_ACCESS (squash commit) 2017-10-18 13:29:12 -04:00
Jason Wilder
f05f7a0ff9 Merge pull request #574 from teohhanhui/ocsp-stapling-chain
Enable OCSP stapling if certificate trust chain is provided
2017-08-16 11:53:17 -06:00
Remi Pichon
fff84de367 Do not bind upstream with 'ingress' network
Merging https://github.com/jwilder/nginx-proxy/pull/774 and a8ee64b059
2017-08-10 12:30:00 +02:00
Teoh Han Hui
065dd7f1ea
Fix build 2017-07-31 17:46:58 +08:00
Steve Kamerman
0cc71fad49
Add dynamically-computed DNS resolvers to nginx (for PR #574) 2017-07-31 17:44:27 +08:00
Jason Wilder
02121df3b9 Merge pull request #589 from kamermans/feature_ssl_improvement
SSL security enhancement
2017-06-22 11:54:51 -06:00
Jason Wilder
57a33aaf8b Merge pull request #849 from Neilpang/Branch_0.6.0
running proxy on host network
2017-06-22 09:50:39 -06:00
Jason Wilder
c41186a3a4 Merge branch 'master' into feature_ssl_improvement 2017-06-14 16:31:12 -06:00
neilpang
a8ee64b059 running proxy on host network 2017-06-10 15:07:45 +08:00
Jason Wilder
4e4733f68e Trim $host and $proto before they are used 2017-06-09 12:55:39 -06:00
Steve Kamerman
ad9af2884d Merged master, fixed BATS conflict 2017-03-06 10:48:12 -05:00
Jason Wilder
985c46d8b5 Merge pull request #679 from thomasleveil/issue-677
regexp: use sha1 for upstream only if regexp is used
2017-02-16 12:11:06 -07:00
Thomas LEVEIL
f0951df040 optional IPv6 support
Fix #127 and fix #717 by improving #713
2017-02-15 11:50:16 +01:00
Marc Schreiber
8b67b2182f Add IPv6 listen address 2017-02-11 13:28:34 +01:00
Steve Kamerman
d320b43476 Merged conflict in BATS SSL test 2017-01-26 13:46:11 -05:00
Thomas LEVEIL
3f6381d0fa regexp: use sha1 for upstream only if regexp is used
avoid confusions such as in #677
2017-01-14 11:40:33 +01:00
Steve Kamerman
276b4dbe3e Merge branch 'master' into feature_nohttps 2017-01-13 13:07:03 -05:00
Steve Kamerman
dfdd67f5a4 Implemented background dhparam generation 2017-01-11 22:43:09 -05:00
Steve Kamerman
f186815c2d Merged upstream 2017-01-11 22:42:35 -05:00
Jason Wilder
3d20c626c8 Merge pull request #359 from sw-double/master
Set appropriate X-Forwarded-Ssl header
2017-01-10 09:21:19 -07:00
Konstantin L
16c9853dc2 Set appropriate X-Forwarded-Ssl header. 2017-01-10 15:44:02 +01:00
Thomas LÉVEIL
019fa89c53 add comment to ease debugging 2017-01-10 10:10:46 +01:00
Thomas LEVEIL
1bfc1c85ce fix regexp in VIRTUAL_HOST using end-of-string matching () 2017-01-08 01:49:05 +01:00
Steve Kamerman
fc7653bf3d Merge branch 'master' into feature_nohttps 2016-12-05 09:06:39 -05:00
Steve Kamerman
b0de80d46b Moved config edits from Dockerfile to template 2016-10-03 10:21:31 -04:00
Steve Kamerman
374b1256cd Add HTTPS_METHOD=https to disable SSL site 2016-10-01 11:22:48 -04:00
Steve Kamerman
d3a0da451a TLSv1 End-of-life pushed to June 30, 2018, rolled back for compatibility 2016-09-29 21:35:37 -04:00
Steve Kamerman
c51c9980cf Removed TLS 1.0 as it is considered unsafe and must be disabled for PCI compliance 2016-09-29 19:52:20 -04:00
Steve Kamerman
6f2b3f1c54 Issue #586 Removed DES-based SSL ciphers 2016-09-29 17:10:17 -04:00
Steve Kamerman
9ef0bb3356 Comment typo 2016-09-29 16:06:53 -04:00
Steve Kamerman
124b8cd757 Honor upstream forwarded port if available 2016-09-29 11:33:21 -04:00
Steve Kamerman
6ebbdb10c7 Merge branch 'master' into feature_x_forwarded_port 2016-09-29 11:26:51 -04:00
Chulki Lee
4661bf4dd9 add ssl_session_tickets to default site
Fixes #580
2016-09-23 21:58:09 -07:00
pvlg
fe9a538ec8 Replace "replace" to "trimSuffix"
I have a domain key-mydomain.com. When I add domain www.key-mydomain.com with ssl cert I did not get the desired result. Function replace cut name ssl cert "www.key-mydomain.com.key" to "www-mydomain.com".
2016-09-17 16:53:01 +03:00
mplx
37323320c8 do not enable HSTS for subdomains 2016-09-12 09:46:59 +02:00
Jason Wilder
ec7169c112 Merge pull request #323 from pabra/master
connect to uWSGI backends
2016-09-09 14:16:08 -06:00
Ruben
87879c1ee2 Update ciphers and HTST settings to get A+ rating
The default config gets you an 'A' rating. Cipher settings are copied from [Mozilla SSL Configartion Generator](https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=nginx-1.10.1&openssl=1.0.1t&hsts=yes&profile=intermediate)
2016-09-01 11:34:56 +02:00
Steve Kamerman
2e29168d92 Added X-Forwarded-Port 2016-07-21 11:23:35 -04:00
Steve Kamerman
fd127517b9 Added comments about httpoxy 2016-07-19 11:03:41 -04:00
Steve Kamerman
357d58ad97 Mitigate httpoxy attack (httpoxy.org, CVE-2016-(5385-5388,1000109-1000110) 2016-07-18 13:34:37 -04:00
Jason Wilder
580517725f Revert 9c93efa 2016-06-13 00:10:49 -06:00
Jason Wilder
d1e6e1c0be Merge pull request #344 from schmunk42/feature/error-code
changed error code for non-usable/default SSL cert, fixes #341
2016-06-12 15:54:40 -06:00
Jason Wilder
fc619d63ad Merge pull request #460 from kumy/patch-1
Fix a typo in comment
2016-06-12 15:28:40 -06:00
Jason Wilder
c36b42933d Merge pull request #462 from kamermans/master
Disable HSTS when HTTPS_METHOD=noredirect
2016-06-12 15:28:08 -06:00
Jason Wilder
9c93efaef9 Fix template error when /etc/nginx/certs does not exist 2016-06-12 14:10:40 -06:00
Steve Kamerman
da3e257843 Removed HSTS when HTTPS_METHOD=noredirect, added tests, improved docs wrt HSTS 2016-05-19 23:20:43 -04:00
kumy
8c76ea9f9b Fix a typo in comment 2016-05-17 01:46:46 +02:00
Jason Wilder
5b9264d945 Merge pull request #298 from kamermans/master
Added env var to disable SSL redirect
2016-05-01 17:45:45 -06:00
Baptiste Donaux
ebab7cf2b9 [TEMPLATE] fix variable call 2016-02-23 13:59:30 +01:00
Baptiste Donaux
658e20f661 Support container in one network shared with current container 2016-02-05 09:16:43 +01:00