lambda 
								
							 
						 
						
							
							
							
							
								
							
							
								1b4c4d29a3 
								
							 
						 
						
							
							
								
								Merge branch 'ssl_trusted_cert' into 'develop'  
							
							... 
							
							
							
							ssl_trusted_certificate should point to chain.pem if we're demonstrating...
See merge request pleroma/pleroma!996  
							
						 
						
							2019-04-12 08:58:46 +00:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Horsemans 
								
							 
						 
						
							
							
							
							
								
							
							
								10a9682596 
								
							 
						 
						
							
							
								
								ssl_trusted_certificate should point to chain.pem if we're demonstrating LetsEncrypt:  https://community.letsencrypt.org/t/howto-ocsp-stapling-for-nginx/13611/5  
							
							
							
						 
						
							2019-03-31 16:58:28 +00:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Kenneth Zhao 
								
							 
						 
						
							
							
							
							
								
							
							
								e1bdaaa3fe 
								
							 
						 
						
							
							
								
								need to put back ipv4 listen instruct  
							
							
							
						 
						
							2019-02-26 08:41:37 -08:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									PEA 
								
							 
						 
						
							
							
							
							
								
							
							
								d3a6c065a4 
								
							 
						 
						
							
							
								
								Add ipv6 handling to pleroma.nginx  
							
							... 
							
							
							
							Replaces `listen 80` with `listen [::]:80`, same with 443 
							
						 
						
							2019-02-25 23:37:46 -05:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									shibayashi 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								1d8b578bb7 
								
							 
						 
						
							
							
								
								Recommend the acme-challenge path that is used in the installation guides  
							
							
							
						 
						
							2019-02-09 23:08:27 +01:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Mark Felder 
								
							 
						 
						
							
							
							
							
								
							
							
								cc3a83a730 
								
							 
						 
						
							
							
								
								Fix nginx caching issues  
							
							... 
							
							
							
							Nginx is currently not caching data because proxy_buffering needs to be
enabled for caching to work at all, and we are receiving a Cache-Control
header from Pleroma that states "max-age=0, private, must-revalidate"
Even disregarding the Cache-Control header that should actually be set
to "public, max-age=1209600" as defined in the reverse_proxy code, we
don't want to obey this header at all as it overrides our Nginx caching
rules. 
							
						 
						
							2019-01-10 21:29:05 +00:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Mark Felder 
								
							 
						 
						
							
							
							
							
								
							
							
								d56772c813 
								
							 
						 
						
							
							
								
								proxy buffering still needs to be off  
							
							
							
						 
						
							2018-12-12 17:36:00 +00:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Mark Felder 
								
							 
						 
						
							
							
							
							
								
							
							
								48c4f88ffd 
								
							 
						 
						
							
							
								
								Update proxy config to improve behavior and allow compatibility with Safari on MacOS and iOS  
							
							
							
						 
						
							2018-12-12 17:31:47 +00:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									href 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								97b00d366f 
								
							 
						 
						
							
							
								
								reverse_proxy: more headers  
							
							
							
						 
						
							2018-11-30 18:00:57 +01:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									William Pitcock 
								
							 
						 
						
							
							
							
							
								
							
							
								e4bd5a6950 
								
							 
						 
						
							
							
								
								example configs: kill STS/CT headers  
							
							
							
						 
						
							2018-11-11 06:56:46 +00:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									William Pitcock 
								
							 
						 
						
							
							
							
							
								
							
							
								057a9017b3 
								
							 
						 
						
							
							
								
								example configs: remove obsolete CSP configuration  
							
							
							
						 
						
							2018-11-11 06:12:26 +00:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									William Pitcock 
								
							 
						 
						
							
							
							
							
								
							
							
								fd918863aa 
								
							 
						 
						
							
							
								
								nginx example config: remove CORS headers, now managed by CORSPlug.  
							
							
							
						 
						
							2018-11-11 05:42:30 +00:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									kaniini 
								
							 
						 
						
							
							
							
							
								
							
							
								e1c40b8ca2 
								
							 
						 
						
							
							
								
								Merge branch 'patch-2' into 'develop'  
							
							... 
							
							
							
							Remove Access-Control-Allow-Origin in pleroma.nginx
See merge request pleroma/pleroma!424  
							
						 
						
							2018-11-06 21:24:16 +00:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Hakaba Hitoyo 
								
							 
						 
						
							
							
							
							
								
							
							
								3ea4f9ac8d 
								
							 
						 
						
							
							
								
								Remove Access-Control-Allow-Origin  
							
							
							
						 
						
							2018-11-05 04:18:43 +00:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									shibayashi 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								800d233631 
								
							 
						 
						
							
							
								
								Use example.tld so a single search and replace works  
							
							
							
						 
						
							2018-11-04 14:06:18 +01:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									shibayashi 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								732d3fce73 
								
							 
						 
						
							
							
								
								Use the same example domain in all config examples  
							
							
							
						 
						
							2018-11-03 23:44:26 +01:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									shibayashi 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								56c49513e0 
								
							 
						 
						
							
							
								
								Use the server name as variable  
							
							
							
						 
						
							2018-11-03 23:41:37 +01:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									barrucadu 
								
							 
						 
						
							
							
							
							
								
							
							
								a32e013909 
								
							 
						 
						
							
							
								
								Relax form-action content security policy  
							
							... 
							
							
							
							'self' only allows forms submitted to the same origin, which
breaks the "remote follow" form.  To allow remote following,
we want to allow forms to be submitted to any host. 
							
						 
						
							2018-09-28 22:17:19 +00:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									shibayashi 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								d027c53d75 
								
							 
						 
						
							
							
								
								Add frame-ancestors 'none' to all configs  
							
							
							
						 
						
							2018-08-30 11:10:16 +02:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									shibayashi 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								d035566116 
								
							 
						 
						
							
							
								
								installation/pleroma.nginx: Add 'always' to the security headers, so that they are included regardless of the status code  
							
							
							
						 
						
							2018-08-29 19:00:40 +02:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Haelwenn (lanodan) Monnier 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								0fd2eaf7af 
								
							 
						 
						
							
							
								
								installation/pleroma.nginx: Add Content-Security-Policy  
							
							... 
							
							
							
							Closes: https://git.pleroma.social/pleroma/pleroma/issues/266  
							
						 
						
							2018-08-28 20:54:50 +02:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Artik Banana 
								
							 
						 
						
							
							
							
							
								
							
							
								394d0c94c4 
								
							 
						 
						
							
							
								
								Add comment about TLS curves for older servers.  
							
							
							
						 
						
							2018-06-16 18:14:05 +00:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									dex 
								
							 
						 
						
							
							
							
							
								
							
							
								750cfbf38d 
								
							 
						 
						
							
							
								
								* fix nginx 1.15 warning:  
							
							... 
							
							
							
							nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead 
							
						 
						
							2018-06-13 09:54:23 +00:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Artik Banana 
								
							 
						 
						
							
							
							
							
								
							
							
								93c614bf13 
								
							 
						 
						
							
							
								
								* Removed TLSv1 and TLSv1.1  
							
							... 
							
							
							
							* Added OCSP Stapling
* Added SSL Cache
* Changed ciphers
* Specified ECDH curves 
							
						 
						
							2018-06-11 23:01:14 +00:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Artik Banana 
								
							 
						 
						
							
							
							
							
								
							
							
								c645a8de2b 
								
							 
						 
						
							
							
								
								Security upgrades:  
							
							... 
							
							
							
							* Removed TLSv1 and TLSv1.1
* Added OCSP Stapling
* Added SSL Cache
* Changed ciphers
* Specified ECDH curves 
							
						 
						
							2018-06-11 22:56:54 +00:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Dominik V. Salonen 
								
							 
						 
						
							
							
							
							
								
							
							
								a6fd9c4b00 
								
							 
						 
						
							
							
								
								Update pleroma.nginx  
							
							... 
							
							
							
							proxy_ignore_client_abort will continue to fetch from upstream even if a client aborts the connection. This is highly recommended when cache is being used. If a client leaves/refreshes the page while a user's avatar or some other media is halfway loaded, the cached copy might in some cases be broken. Leaving future requests to the same URL broken until cache expires. 
							
						 
						
							2018-05-28 10:36:27 +00:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Niklas Poslovski 
								
							 
						 
						
							
							
							
							
								
							
							
								f0e8194a71 
								
							 
						 
						
							
							
								
								Repair some access-control headers required for third-party webclients  
							
							
							
						 
						
							2018-05-23 08:48:28 +02:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Niklas Poslovski 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								d81a4e9280 
								
							 
						 
						
							
							
								
								Add access-control-expose-headers to Nginx default config  
							
							
							
						 
						
							2018-05-22 15:39:29 +02:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Artik Banana 
								
							 
						 
						
							
							
							
							
								
							
							
								0a1fd8adf0 
								
							 
						 
						
							
							
								
								Added headers for a more secure default.  
							
							
							
						 
						
							2018-05-06 14:19:29 +00:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									csaurus 
								
							 
						 
						
							
							
							
							
								
							
							
								1c6a691570 
								
							 
						 
						
							
							
								
								Add info about certbot with the webroot plugin to pleroma.nginx  
							
							
							
						 
						
							2018-04-20 18:43:49 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Hector A. Escobedo 
								
							 
						 
						
							
							
							
							
								
							
							
								7e262c2997 
								
							 
						 
						
							
							
								
								Fix max upload size in nginx config.  
							
							... 
							
							
							
							The built-in nginx default does not allow users to upload images
larger than 1 MB. This increases the maximum request size to match
the default Pleroma config upload_limit parameter. Some helpful
comments were also added. 
							
						 
						
							2018-04-08 11:21:29 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									William Pitcock 
								
							 
						 
						
							
							
							
							
								
							
							
								d8464b603e 
								
							 
						 
						
							
							
								
								nginx: document how to enable CORS support  
							
							
							
						 
						
							2018-04-01 01:28:27 -05:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									lambda 
								
							 
						 
						
							
							
							
							
								
							
							
								f8f3abe1be 
								
							 
						 
						
							
							
								
								Update pleroma.nginx  
							
							
							
						 
						
							2018-03-28 09:34:08 +00:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									lambda 
								
							 
						 
						
							
							
							
							
								
							
							
								060ac6cb95 
								
							 
						 
						
							
							
								
								Update pleroma.nginx  
							
							
							
						 
						
							2018-03-08 18:00:59 +00:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									lambda 
								
							 
						 
						
							
							
							
							
								
							
							
								46c8f79cd7 
								
							 
						 
						
							
							
								
								Merge branch 'feature/cross-origin' into 'develop'  
							
							... 
							
							
							
							Access-Control-Allow-Origin
See merge request pleroma/pleroma!52  
							
						 
						
							2018-01-26 23:30:11 +00:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Hakaba Hitoyo 
								
							 
						 
						
							
							
							
							
								
							
							
								9c0c40cf1e 
								
							 
						 
						
							
							
								
								Access-Control-Allow-Origin  
							
							
							
						 
						
							2018-01-26 22:58:58 +00:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Hakaba Hitoyo 
								
							 
						 
						
							
							
							
							
								
							
							
								aceef36e56 
								
							 
						 
						
							
							
								
								Correct pleroma.nginx  
							
							
							
						 
						
							2018-01-14 10:57:25 +00:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									href 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								9093b2cf49 
								
							 
						 
						
							
							
								
								Merge remote-tracking branch 'upstream/develop' into media-proxy  
							
							
							
						 
						
							2017-12-11 02:45:28 +01:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									href 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								d1806ec07f 
								
							 
						 
						
							
							
								
								nginx sample config, quickly tested  
							
							
							
						 
						
							2017-12-11 02:40:19 +01:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									eal 
								
							 
						 
						
							
							
							
							
								
							
							
								afd0ea37f3 
								
							 
						 
						
							
							
								
								Add websocket upgrade to example nginx config.  
							
							
							
						 
						
							2017-12-07 20:07:51 +02:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Henry Jameson 
								
							 
						 
						
							
							
							
							
								
							
							
								a6e89ae6a3 
								
							 
						 
						
							
							
								
								disable sslv3  
							
							
							
						 
						
							2017-08-16 00:25:26 +03:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Henry Jameson 
								
							 
						 
						
							
							
							
							
								
							
							
								9112eda14f 
								
							 
						 
						
							
							
								
								First attempt at installation documentation  
							
							
							
						 
						
							2017-08-08 02:41:36 +03:00