Girish Ramakrishnan
008fa09877
proxyauth: redirect correctly after login
2020-11-11 00:01:36 -08:00
Girish Ramakrishnan
625dc7c49b
Add proxyAuth as an addon
2020-11-10 16:50:36 -08:00
Girish Ramakrishnan
71666a028b
add support for protected sites
...
https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-subrequest-authentication/
https://gock.net/blog/2020/nginx-subrequest-authentication-server/
https://github.com/andygock/auth-server
2020-11-10 01:06:39 -08:00
Girish Ramakrishnan
0f9168052a
nginx: add separate endpoint for ip/setup screens
...
'setup' endpoint for setup/restore. we show the setup wizard.
'ip' endpoint is post activation. we show a splash screen here.
Also, the https://ip will not respond to any api calls anymore
(since this will leak the admin fqdn otherwise).
We should probably make this customizable at some point.
Fixes #739
2020-09-23 23:07:40 -07:00
Girish Ramakrishnan
eb47476c83
collectd: remove nginx status collection
...
we don't use this at all
2020-09-23 16:09:46 -07:00
Girish Ramakrishnan
8b5c7d3d87
make http redirect to https://final-destination
2020-09-02 18:56:22 -07:00
Girish Ramakrishnan
b14b5f141b
Hide nginx version
2020-07-13 09:27:57 -07:00
Johannes Zellner
a481ceac8c
Allow larger file uploads for filemanager
2020-07-10 18:23:55 +02:00
Girish Ramakrishnan
6648f41f3d
nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive
2020-06-30 16:00:52 -07:00
Girish Ramakrishnan
7eafa661fe
check .well-known presence upstream
...
this is required for apps like nextcloud which have caldav/cardav
routes
2020-04-15 16:56:41 -07:00
Girish Ramakrishnan
2fe323e587
remove bogus internal route
2020-04-14 23:11:44 -07:00
Girish Ramakrishnan
b3496e1354
Add ECDHE-RSA-AES128-SHA256 to cipher list
...
one of our users had the site reverse proxied. it broke after the
5.1 cipher change and they nailed it down to using this cipher.
https://security.stackexchange.com/questions/72926/is-tls-ecdhe-rsa-with-aes-128-cbc-sha256-a-safe-cipher-suite-to-use
says this is safe
The following prints the cipher suite:
log_format combined2 '$remote_addr - [$time_local] '
'$ssl_protocol/$ssl_cipher '
'"$request" $status $body_bytes_sent $request_time '
'"$http_referer" "$host" "$http_user_agent"';
2020-04-10 09:49:06 -07:00
Girish Ramakrishnan
2efa0aaca4
serve custom well-known documents via nginx
2020-04-09 00:15:56 -07:00
Girish Ramakrishnan
7d7df5247b
Update cipher suite based on ssl-config recommendation
...
ssl_prefer_server_ciphers off is the recommendation since the cpihers
are deprecated
https://serverfault.com/questions/997614/setting-ssl-prefer-server-ciphers-directive-in-nginx-config
2020-03-24 19:24:58 -07:00
Girish Ramakrishnan
f99450d264
Enable TLSv1.3 and remove TLSv1 and 1.1
...
IE10 does not have 1.2, so maybe we can risk it
As per Android documentaion TLS 1.2 is fully supported after API level 20/Android 5(Lolipop)
https://discussions.qualys.com/thread/17020-tls-12-support-for-android-devices
https://www.ryandesignstudio.com/what-is-tls/
2020-03-24 14:37:08 -07:00
Girish Ramakrishnan
46ede3d60d
search for request_uri in try_files
...
this lets us put images in app_not_responding.html
2020-03-06 17:01:48 -08:00
Girish Ramakrishnan
25ef5ab636
Move custom pages to a subdirectory
2020-02-05 11:42:17 -08:00
Girish Ramakrishnan
763e14f55d
Make app error page customizable
2020-02-04 17:52:30 -08:00
Girish Ramakrishnan
6dc2e1aa14
Do not show error page for 503
...
WP maintenance mode plugin will return 503
2020-01-13 15:00:18 -08:00
Girish Ramakrishnan
8878bc4bf9
frameAncestors -> csp
...
It seems we cannot separate frame ancestors from CSP because the hide
header just hides everything and not a specific resource. This means
that the user has to set or unset the full policy whole sale.
2019-10-14 17:12:01 -07:00
Girish Ramakrishnan
9997cbddb8
Do not escape as html
2019-10-14 16:03:57 -07:00
Girish Ramakrishnan
9c12f1fe15
Add field to configure the reverse proxy
...
part of #596
2019-10-14 15:05:25 -07:00
Girish Ramakrishnan
488763fc42
rename appconfig to nginxconfig
2019-10-13 17:08:33 -07:00
