cloudron-box

Author	SHA1	Message	Date
Girish Ramakrishnan	014b77b7aa	Fix LE cert renewal failures LE contacts the server by hostname and not by IP. This means that when installing and reconfiguring the app it hits the default_server route since nginx configs for the app are not generated at. When doing in the daily cert renew, the nginx configs exist and we are unable to renew the certs.	2017-11-02 11:43:43 -07:00
Girish Ramakrishnan	6dd70c0ef2	acme challenges must be answered by default_server The challenge must be answered even before app nginx config is available.	2017-10-28 23:39:03 -07:00
Girish Ramakrishnan	3dedda32d4	Configure http server to only listen on known vhosts/IP For the rest it returns 404 Fixes #446	2017-10-27 00:10:50 -07:00
Johannes Zellner	8b341e2bf8	Only make nginx listen on ipv6 connections if it is supported by the system Could not decide on the ejs formatting, never nice for me	2017-09-29 19:43:37 +02:00
Johannes Zellner	e50e0f730b	Make nginx listen on :: for ipv6	2017-09-20 16:33:25 +02:00
Girish Ramakrishnan	3aebf51360	Fix upload of large files to apps `6a0ef7a1c1` broke the upload for apps e2e test is being added	2017-08-23 10:22:54 -07:00
Girish Ramakrishnan	6a0ef7a1c1	Allow larger files to be uploaded Note that other upload APIs like avatar are still limited to 1m by the nginx config	2017-08-20 19:15:54 -07:00
Girish Ramakrishnan	eb99f8b844	escape and quote the robotsTxt when templating for now, we restrict the string length to 4096 since that is what nginx allows	2017-07-23 19:56:28 -07:00
Girish Ramakrishnan	db7a4b75ae	log the host in nginx logs	2017-07-21 09:43:44 -07:00
Girish Ramakrishnan	b5aed7b00a	Set full path for nginx access log	2017-07-18 21:49:12 -07:00
Dick Tang	67486b8177	add X-Forwarded-Port in nginx reverse proxy for jetpack jetpack require X-Forward for the port, or "requested method jetpack.jsonAPI does not exist" ref: https://github.com/ViBiOh/docker-wordpress/issues/1	2017-07-18 15:58:46 +00:00
Girish Ramakrishnan	acd00222e5	Allow per-app configuration of robots.txt https://developers.google.com/search/reference/robots_txt has the specification Part of #344	2017-07-14 15:25:05 -05:00
Ian Fijolek	788004245a	Add HTTP/2 support to NGINX configs This easy fix should improve performance with newer browsers especially for applications that require many files to be sent over the wire coughNextcloud11cough NGINX blog post about HTTP/2 support: https://www.nginx.com/blog/nginx-1-9-5/	2017-05-02 22:00:55 +00:00
mehdi	fce2cdce7f	Adding proxy_max_temp_file_size 0 to nginx config. Explanation: When proxying an HTTP request, nginx first fills up the memory buffers (set by proxy_buffer_size and proxy_buffers). When these are full, it then writes them to a temporary file in batches of proxy_temp_file_write_size until it reaches proxy_max_temp_file_size. When proxy_max_temp_file_size is not set, and a very large file is being served, it reaches the maximum of 1GB, and nginx begins to behave weirdly.	2017-04-10 22:47:19 +02:00
Girish Ramakrishnan	8f912d8a1b	add note on how to view graphite browser	2017-04-04 12:35:29 -07:00
Johannes Zellner	602f8bcd04	Split platform and app data folders and get rid of btrfs volumes	2017-04-04 12:34:55 +02:00
Girish Ramakrishnan	2c871705c7	Add a referrer policy	2017-03-31 16:11:54 -07:00
Girish Ramakrishnan	ffbda22145	Fine tune rate limits a bit more	2017-03-29 16:03:08 -07:00
Girish Ramakrishnan	18e59c4754	Rate limit nginx routes that verify the password Also remove rate-limit middleware Test using something like: ab -v 1 -n 1000 -c 10 -s 5 -m POST https://my.<doamain>/api/v1/developer/login Part of #187	2017-03-27 00:06:42 -07:00
Johannes Zellner	103cb10cad	Ignore upstream headers for security headers we set in nginx Apps like nextcloud set their own security headers ending up with having them set twice. I am not 100% sure if our headers should win or if we should not inject headers with nginx if the upstream app sets them already. This looks like the more permissive case where we simply enforce our values, regardless what the apps sets. This also fixes the nextcloud/owncloud security checks which were failing because the header values were duplicated, which results in string concatenation of values from same headers.	2017-03-21 14:18:39 +01:00
Girish Ramakrishnan	6a523606ca	Revert "Bump version to Nginx IPv6 support." This reverts commit `5555321cf5`. This reverts commit `f087ebbee0`. This reverts commit `d04f64d3d4`. Part of #264	2017-03-19 14:25:30 -07:00
Jonah Aragon	f087ebbee0	Add `listen [::]:80;` for IPv6 redirects.	2017-03-17 19:13:18 +00:00
Jonah Aragon	d04f64d3d4	Add IPv6 listen directives	2017-03-17 19:12:25 +00:00
Girish Ramakrishnan	4b3ef33989	Add some basic secure headers Part of #249	2017-03-08 22:14:44 -08:00
Girish Ramakrishnan	7f4f525551	dhparams.pem must be part of backup	2017-02-14 14:12:03 -08:00
Johannes Zellner	1d5465f21e	Update the ssl ciphers and add dhparams.pem Fixes #218	2017-02-13 00:28:22 +01:00
Girish Ramakrishnan	cd31e12bec	Do not includeSubdomains in HSTS This prevents one from redirecting to some http-only subdomain. For example, surfer in naked domain redirects to www subdomain (which is on github pages...)	2017-02-02 00:05:56 -08:00
Johannes Zellner	9b9d30c092	Remove commented out section of the nginx.conf	2017-01-11 00:09:51 +01:00
Johannes Zellner	fd479d04a0	Fix nginx config to make non vhost configs default_server Nginx does not match on the ip as a vhost. This no basically replaces the commented out section in the nginx.conf	2017-01-06 22:09:10 +01:00
Johannes Zellner	801c40420c	Create setup nginx config and cert for ip setup	2017-01-05 16:02:03 +01:00
Johannes	d39a84ea53	Do not redirect on app upstream error but show static error page Fixes #4	2016-11-21 16:25:23 +01:00
Girish Ramakrishnan	94037e5266	remove oauth proxy backend logic	2016-11-19 17:13:08 +05:30
Girish Ramakrishnan	b932a9be10	Set X-Forwarded-Ssl to on https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc/settings/nginx.md#supporting-proxied-ssl http://stackoverflow.com/questions/16042647/whats-the-de-facto-standard-for-a-reverse-proxy-to-tell-the-backend-ssl-is-used	2016-08-17 17:46:36 -07:00
Johannes Zellner	867e875707	Revert "Add basic 404 page" This reverts commit 3793220dd48356d5fe421312915a8392fcccca0e.	2016-07-27 19:09:43 +02:00
Johannes Zellner	dcdca52dbd	Add basic 404 page	2016-07-27 17:52:54 +02:00
Johannes Zellner	3331d1aa13	Ensure the X-Frame-Options header has a single string argument	2016-07-15 11:26:05 +02:00
Johannes Zellner	66049a9e2d	Support x-frame-options in appconfig.ejs template	2016-07-14 16:28:59 +02:00
Johannes Zellner	ce116e56bf	Remove webdav specific headers This is not actually doing anything in that directive	2016-06-22 16:06:11 +02:00
Johannes Zellner	a37f87511b	Prevent clickjacking by sending X-Frame-Options	2016-06-15 13:10:26 +02:00
Girish Ramakrishnan	dc31946e50	move webdav block outside location when inside location, nginx is redirecting to 127.0.0.1 (no clue why)	2016-06-11 12:05:16 -07:00
Johannes Zellner	d06398dbfd	Move webdav nginx fixes into app endpoint Not sure if this will now still work with oauth proxy though.	2016-06-02 09:49:01 +02:00
Girish Ramakrishnan	dfa08469d6	set timeouts explicitly	2016-06-01 17:33:28 -07:00
Girish Ramakrishnan	d798073d95	fix comment of default_server	2016-06-01 17:28:15 -07:00
Girish Ramakrishnan	41632b8c11	fix favicon of naked domain	2016-06-01 17:27:39 -07:00
Girish Ramakrishnan	eb29bdd575	document keepalive_timeout	2016-06-01 16:51:52 -07:00
Johannes Zellner	47978436c2	Set Destination header for webdav in nginx proxy	2016-06-01 18:49:50 +02:00
Girish Ramakrishnan	27d2daae93	leave a note in nginx config	2016-05-19 12:27:54 -07:00
Girish Ramakrishnan	4a04e0b52f	use recommendation from raymii.org	2016-04-28 09:59:03 -07:00
girish@cloudron.io	ce0a24a95d	comment out public graphite paths	2016-01-25 12:51:37 -08:00
Johannes Zellner	63c06a508e	Make /api available on just the IP We might want to also show something else than the naked domain placeholder page when just accessing the ip	2016-01-24 12:08:10 +01:00

1 2

61 Commits