Girish Ramakrishnan
6648f41f3d
nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive
2020-06-30 16:00:52 -07:00
Girish Ramakrishnan
7eafa661fe
check .well-known presence upstream
...
this is required for apps like nextcloud which have caldav/carddav
routes
2020-04-15 16:56:41 -07:00
Girish Ramakrishnan
2fe323e587
remove bogus internal route
2020-04-14 23:11:44 -07:00
Girish Ramakrishnan
b3496e1354
Add ECDHE-RSA-AES128-SHA256 to cipher list
...
one of our users had the site reverse proxied. it broke after the
5.1 cipher change and they nailed it down to using this cipher.
https://security.stackexchange.com/questions/72926/is-tls-ecdhe-rsa-with-aes-128-cbc-sha256-a-safe-cipher-suite-to-use
says this is safe
The following prints the cipher suite:
log_format combined2 '$remote_addr - [$time_local] '
'$ssl_protocol/$ssl_cipher '
'"$request" $status $body_bytes_sent $request_time '
'"$http_referer" "$host" "$http_user_agent"';
2020-04-10 09:49:06 -07:00
Girish Ramakrishnan
2efa0aaca4
serve custom well-known documents via nginx
2020-04-09 00:15:56 -07:00
Girish Ramakrishnan
7d7df5247b
Update cipher suite based on ssl-config recommendation
...
ssl_prefer_server_ciphers off is the recommendation since the ciphers
are deprecated
https://serverfault.com/questions/997614/setting-ssl-prefer-server-ciphers-directive-in-nginx-config
2020-03-24 19:24:58 -07:00
Girish Ramakrishnan
f99450d264
Enable TLSv1.3 and remove TLSv1 and 1.1
...
IE10 does not have 1.2, so maybe we can risk it
As per Android documentation TLS 1.2 is fully supported after API level 20/Android 5 (Lollipop)
https://discussions.qualys.com/thread/17020-tls-12-support-for-android-devices
https://www.ryandesignstudio.com/what-is-tls/
2020-03-24 14:37:08 -07:00
Girish Ramakrishnan
46ede3d60d
search for request_uri in try_files
...
this lets us put images in app_not_responding.html
2020-03-06 17:01:48 -08:00
Girish Ramakrishnan
25ef5ab636
Move custom pages to a subdirectory
2020-02-05 11:42:17 -08:00
Girish Ramakrishnan
763e14f55d
Make app error page customizable
2020-02-04 17:52:30 -08:00
Girish Ramakrishnan
6dc2e1aa14
Do not show error page for 503
...
WP maintenance mode plugin will return 503
2020-01-13 15:00:18 -08:00
Girish Ramakrishnan
8878bc4bf9
frameAncestors -> csp
...
It seems we cannot separate frame ancestors from CSP because the hide
header just hides everything and not a specific resource. This means
that the user has to set or unset the full policy wholesale.
2019-10-14 17:12:01 -07:00
Girish Ramakrishnan
9997cbddb8
Do not escape as html
2019-10-14 16:03:57 -07:00
Girish Ramakrishnan
9c12f1fe15
Add field to configure the reverse proxy
...
part of #596
2019-10-14 15:05:25 -07:00
Girish Ramakrishnan
488763fc42
rename appconfig to nginxconfig
2019-10-13 17:08:33 -07:00