cloudron-box

Author	SHA1	Message	Date
Girish Ramakrishnan	434525943c	move appconfig.ejs	2018-12-13 21:53:31 -08:00
Girish Ramakrishnan	1b1945e1f5	Move out graphite from port 8000 Port 8000 is used by esxi management service (!)	2018-11-17 19:14:21 -08:00
Johannes Zellner	9bac7e8124	Move the comment where it belongs	2018-08-22 11:02:06 +02:00
Girish Ramakrishnan	589602cdb0	Add note	2018-07-25 08:29:39 -07:00
Girish Ramakrishnan	7654f36e23	Do temporary redirect instead Permanent redirect can be cached forever in the browser which means that changing redirect settings appear to not work.	2018-07-15 17:43:36 -07:00
Johannes Zellner	3d0da34960	Create nginx configs for app redirects	2018-06-29 23:14:06 +02:00
Johannes Zellner	ddaa52163b	Update ssl ciphers according to mozillas recommendation	2018-04-11 15:15:29 +02:00
Johannes Zellner	799c1ba05d	Improve on the csp header restriction	2018-04-11 13:00:08 +02:00
Johannes Zellner	838838b90d	nginx would drop other headers if add_header is defined in the location section	2018-04-11 12:29:57 +02:00
Johannes Zellner	573d0e993e	Add CSP header for dashboard	2018-04-10 17:59:06 +02:00
Girish Ramakrishnan	a07c4423c4	Rename webadmin to dashboard The box nginx config has to be re-generated but this is always done at box restart time	2018-03-15 14:14:23 -07:00
Johannes Zellner	35d2755cfb	Remove splashpage logic	2018-01-31 09:24:43 +01:00
Girish Ramakrishnan	014b77b7aa	Fix LE cert renewal failures LE contacts the server by hostname and not by IP. This means that when installing and reconfiguring the app it hits the default_server route since nginx configs for the app are not generated at. When doing in the daily cert renew, the nginx configs exist and we are unable to renew the certs.	2017-11-02 11:43:43 -07:00
Girish Ramakrishnan	6dd70c0ef2	acme challenges must be answered by default_server The challenge must be answered even before app nginx config is available.	2017-10-28 23:39:03 -07:00
Girish Ramakrishnan	3dedda32d4	Configure http server to only listen on known vhosts/IP For the rest it returns 404 Fixes #446	2017-10-27 00:10:50 -07:00
Johannes Zellner	8b341e2bf8	Only make nginx listen on ipv6 connections if it is supported by the system Could not decide on the ejs formatting, never nice for me	2017-09-29 19:43:37 +02:00
Johannes Zellner	e50e0f730b	Make nginx listen on :: for ipv6	2017-09-20 16:33:25 +02:00
Girish Ramakrishnan	3aebf51360	Fix upload of large files to apps `6a0ef7a1c1` broke the upload for apps e2e test is being added	2017-08-23 10:22:54 -07:00
Girish Ramakrishnan	6a0ef7a1c1	Allow larger files to be uploaded Note that other upload APIs like avatar are still limited to 1m by the nginx config	2017-08-20 19:15:54 -07:00
Girish Ramakrishnan	eb99f8b844	escape and quote the robotsTxt when templating for now, we restrict the string length to 4096 since that is what nginx allows	2017-07-23 19:56:28 -07:00
Girish Ramakrishnan	db7a4b75ae	log the host in nginx logs	2017-07-21 09:43:44 -07:00
Girish Ramakrishnan	b5aed7b00a	Set full path for nginx access log	2017-07-18 21:49:12 -07:00
Dick Tang	67486b8177	add X-Forwarded-Port in nginx reverse proxy for jetpack jetpack require X-Forward for the port, or "requested method jetpack.jsonAPI does not exist" ref: https://github.com/ViBiOh/docker-wordpress/issues/1	2017-07-18 15:58:46 +00:00
Girish Ramakrishnan	acd00222e5	Allow per-app configuration of robots.txt https://developers.google.com/search/reference/robots_txt has the specification Part of #344	2017-07-14 15:25:05 -05:00
Ian Fijolek	788004245a	Add HTTP/2 support to NGINX configs This easy fix should improve performance with newer browsers especially for applications that require many files to be sent over the wire coughNextcloud11cough NGINX blog post about HTTP/2 support: https://www.nginx.com/blog/nginx-1-9-5/	2017-05-02 22:00:55 +00:00
mehdi	fce2cdce7f	Adding proxy_max_temp_file_size 0 to nginx config. Explanation: When proxying an HTTP request, nginx first fills up the memory buffers (set by proxy_buffer_size and proxy_buffers). When these are full, it then writes them to a temporary file in batches of proxy_temp_file_write_size until it reaches proxy_max_temp_file_size. When proxy_max_temp_file_size is not set, and a very large file is being served, it reaches the maximum of 1GB, and nginx begins to behave weirdly.	2017-04-10 22:47:19 +02:00
Girish Ramakrishnan	8f912d8a1b	add note on how to view graphite browser	2017-04-04 12:35:29 -07:00
Johannes Zellner	602f8bcd04	Split platform and app data folders and get rid of btrfs volumes	2017-04-04 12:34:55 +02:00
Girish Ramakrishnan	2c871705c7	Add a referrer policy	2017-03-31 16:11:54 -07:00
Girish Ramakrishnan	ffbda22145	Fine tune rate limits a bit more	2017-03-29 16:03:08 -07:00
Girish Ramakrishnan	18e59c4754	Rate limit nginx routes that verify the password Also remove rate-limit middleware Test using something like: ab -v 1 -n 1000 -c 10 -s 5 -m POST https://my.<doamain>/api/v1/developer/login Part of #187	2017-03-27 00:06:42 -07:00
Johannes Zellner	103cb10cad	Ignore upstream headers for security headers we set in nginx Apps like nextcloud set their own security headers ending up with having them set twice. I am not 100% sure if our headers should win or if we should not inject headers with nginx if the upstream app sets them already. This looks like the more permissive case where we simply enforce our values, regardless what the apps sets. This also fixes the nextcloud/owncloud security checks which were failing because the header values were duplicated, which results in string concatenation of values from same headers.	2017-03-21 14:18:39 +01:00
Girish Ramakrishnan	6a523606ca	Revert "Bump version to Nginx IPv6 support." This reverts commit `5555321cf5`. This reverts commit `f087ebbee0`. This reverts commit `d04f64d3d4`. Part of #264	2017-03-19 14:25:30 -07:00
Jonah Aragon	f087ebbee0	Add `listen [::]:80;` for IPv6 redirects.	2017-03-17 19:13:18 +00:00
Jonah Aragon	d04f64d3d4	Add IPv6 listen directives	2017-03-17 19:12:25 +00:00
Girish Ramakrishnan	4b3ef33989	Add some basic secure headers Part of #249	2017-03-08 22:14:44 -08:00
Girish Ramakrishnan	7f4f525551	dhparams.pem must be part of backup	2017-02-14 14:12:03 -08:00
Johannes Zellner	1d5465f21e	Update the ssl ciphers and add dhparams.pem Fixes #218	2017-02-13 00:28:22 +01:00
Girish Ramakrishnan	cd31e12bec	Do not includeSubdomains in HSTS This prevents one from redirecting to some http-only subdomain. For example, surfer in naked domain redirects to www subdomain (which is on github pages...)	2017-02-02 00:05:56 -08:00
Johannes Zellner	9b9d30c092	Remove commented out section of the nginx.conf	2017-01-11 00:09:51 +01:00
Johannes Zellner	fd479d04a0	Fix nginx config to make non vhost configs default_server Nginx does not match on the ip as a vhost. This no basically replaces the commented out section in the nginx.conf	2017-01-06 22:09:10 +01:00
Johannes Zellner	801c40420c	Create setup nginx config and cert for ip setup	2017-01-05 16:02:03 +01:00
Johannes	d39a84ea53	Do not redirect on app upstream error but show static error page Fixes #4	2016-11-21 16:25:23 +01:00
Girish Ramakrishnan	94037e5266	remove oauth proxy backend logic	2016-11-19 17:13:08 +05:30
Girish Ramakrishnan	b932a9be10	Set X-Forwarded-Ssl to on https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc/settings/nginx.md#supporting-proxied-ssl http://stackoverflow.com/questions/16042647/whats-the-de-facto-standard-for-a-reverse-proxy-to-tell-the-backend-ssl-is-used	2016-08-17 17:46:36 -07:00
Johannes Zellner	867e875707	Revert "Add basic 404 page" This reverts commit 3793220dd48356d5fe421312915a8392fcccca0e.	2016-07-27 19:09:43 +02:00
Johannes Zellner	dcdca52dbd	Add basic 404 page	2016-07-27 17:52:54 +02:00
Johannes Zellner	3331d1aa13	Ensure the X-Frame-Options header has a single string argument	2016-07-15 11:26:05 +02:00
Johannes Zellner	66049a9e2d	Support x-frame-options in appconfig.ejs template	2016-07-14 16:28:59 +02:00
Johannes Zellner	ce116e56bf	Remove webdav specific headers This is not actually doing anything in that directive	2016-06-22 16:06:11 +02:00

1 2

73 Commits