kaniini 
								
							 
						 
						
							
							
							
							
								
							
							
								c445c9e125 
								
							 
						 
						
							
							
								
								Merge branch 'fix-nginx-caching' into 'develop'  
							
							... 
							
							
							
							Fix nginx caching issues
See merge request pleroma/pleroma!654  
							
						 
						
							2019-01-14 07:25:08 +00:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Mark Felder 
								
							 
						 
						
							
							
							
							
								
							
							
								cc3a83a730 
								
							 
						 
						
							
							
								
								Fix nginx caching issues  
							
							... 
							
							
							
							Nginx is currently not caching data because proxy_buffering needs to be
enabled for caching to work at all, and we are receiving a Cache-Control
header from Pleroma that states "max-age=0, private, must-revalidate"
Even disregarding the Cache-Control header that should actually be set
to "public, max-age=1209600" as defined in the reverse_proxy code, we
don't want to obey this header at all as it overrides our Nginx caching
rules. 
							
						 
						
							2019-01-10 21:29:05 +00:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Mark Felder 
								
							 
						 
						
							
							
							
							
								
							
							
								efaa41fad2 
								
							 
						 
						
							
							
								
								Consistent intentation  
							
							
							
						 
						
							2019-01-10 18:29:36 +00:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Mark Felder 
								
							 
						 
						
							
							
							
							
								
							
							
								fda942c329 
								
							 
						 
						
							
							
								
								Cache partial objects for 10 minutes  
							
							... 
							
							
							
							This enables caching/streaming of chunked responses 
							
						 
						
							2019-01-10 18:28:14 +00:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Mark Felder 
								
							 
						 
						
							
							
							
							
								
							
							
								ce224ba5f0 
								
							 
						 
						
							
							
								
								Streaming is enabled by default  
							
							... 
							
							
							
							Support more filetypes for caching static media 
							
						 
						
							2019-01-10 18:23:22 +00:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									kaniini 
								
							 
						 
						
							
							
							
							
								
							
							
								89fbed8821 
								
							 
						 
						
							
							
								
								Merge branch 'systemd-drop-sysadmin-privilege' into 'develop'  
							
							... 
							
							
							
							Security/Drops the sysadmin privilege from the daemon
See merge request pleroma/pleroma!604  
							
						 
						
							2018-12-28 20:14:29 +00:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									shibayashi 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								64035201b5 
								
							 
						 
						
							
							
								
								Security/Drops the sysadmin privilege from the daemon  
							
							
							
						 
						
							2018-12-28 21:09:48 +01:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									scarlett 
								
							 
						 
						
							
							
							
							
								
							
							
								4b40e4188c 
								
							 
						 
						
							
							
								
								Simplify the NetBSD rc script.  
							
							
							
						 
						
							2018-12-16 13:15:37 +00:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									scarlett 
								
							 
						 
						
							
							
							
							
								
							
							
								9d3eda1959 
								
							 
						 
						
							
							
								
								Add an rc.d script for NetBSD.  
							
							
							
						 
						
							2018-12-16 12:33:50 +00:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									nonlinear 
								
							 
						 
						
							
							
							
							
								
							
							
								75f2177d5b 
								
							 
						 
						
							
							
								
								Update/add OpenBSD config files  
							
							
							
						 
						
							2018-12-15 14:00:00 -08:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									nonlinear 
								
							 
						 
						
							
							
							
							
								
							
							
								04513a13e0 
								
							 
						 
						
							
							
								
								Added init file for OpenBSD  
							
							
							
						 
						
							2018-12-14 13:13:14 -08:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Mark Felder 
								
							 
						 
						
							
							
							
							
								
							
							
								d56772c813 
								
							 
						 
						
							
							
								
								proxy buffering still needs to be off  
							
							
							
						 
						
							2018-12-12 17:36:00 +00:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Mark Felder 
								
							 
						 
						
							
							
							
							
								
							
							
								48c4f88ffd 
								
							 
						 
						
							
							
								
								Update proxy config to improve behavior and allow compatibility with Safari on MacOS and iOS  
							
							
							
						 
						
							2018-12-12 17:31:47 +00:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									href 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								97b00d366f 
								
							 
						 
						
							
							
								
								reverse_proxy: more headers  
							
							
							
						 
						
							2018-11-30 18:00:57 +01:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									lambda 
								
							 
						 
						
							
							
							
							
								
							
							
								c3f562a611 
								
							 
						 
						
							
							
								
								Merge branch 'add-MIX_ENV-to-systemd-example' into 'develop'  
							
							... 
							
							
							
							Add MIX_ENV=prod to systemd example file
See merge request pleroma/pleroma!445  
							
						 
						
							2018-11-13 12:24:29 +00:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									shibayashi 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								124a9bb7a5 
								
							 
						 
						
							
							
								
								Add MIX_ENV=prod  
							
							
							
						 
						
							2018-11-12 23:01:06 +01:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									William Pitcock 
								
							 
						 
						
							
							
							
							
								
							
							
								e4bd5a6950 
								
							 
						 
						
							
							
								
								example configs: kill STS/CT headers  
							
							
							
						 
						
							2018-11-11 06:56:46 +00:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									William Pitcock 
								
							 
						 
						
							
							
							
							
								
							
							
								057a9017b3 
								
							 
						 
						
							
							
								
								example configs: remove obsolete CSP configuration  
							
							
							
						 
						
							2018-11-11 06:12:26 +00:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									William Pitcock 
								
							 
						 
						
							
							
							
							
								
							
							
								fd918863aa 
								
							 
						 
						
							
							
								
								nginx example config: remove CORS headers, now managed by CORSPlug.  
							
							
							
						 
						
							2018-11-11 05:42:30 +00:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									kaniini 
								
							 
						 
						
							
							
							
							
								
							
							
								e1c40b8ca2 
								
							 
						 
						
							
							
								
								Merge branch 'patch-2' into 'develop'  
							
							... 
							
							
							
							Remove Access-Control-Allow-Origin in pleroma.nginx
See merge request pleroma/pleroma!424  
							
						 
						
							2018-11-06 21:24:16 +00:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Hakaba Hitoyo 
								
							 
						 
						
							
							
							
							
								
							
							
								3ea4f9ac8d 
								
							 
						 
						
							
							
								
								Remove Access-Control-Allow-Origin  
							
							
							
						 
						
							2018-11-05 04:18:43 +00:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									shibayashi 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								800d233631 
								
							 
						 
						
							
							
								
								Use example.tld so a single search and replace works  
							
							
							
						 
						
							2018-11-04 14:06:18 +01:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									shibayashi 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								941f9a888c 
								
							 
						 
						
							
							
								
								Update instructions  
							
							
							
						 
						
							2018-11-03 23:59:52 +01:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									shibayashi 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								732d3fce73 
								
							 
						 
						
							
							
								
								Use the same example domain in all config examples  
							
							
							
						 
						
							2018-11-03 23:44:26 +01:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									shibayashi 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								56c49513e0 
								
							 
						 
						
							
							
								
								Use the server name as variable  
							
							
							
						 
						
							2018-11-03 23:41:37 +01:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									shibayashi 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								043cb7138e 
								
							 
						 
						
							
							
								
								Add a little bit more detail in the comments.  
							
							
							
						 
						
							2018-10-25 00:57:47 +02:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									shibayashi 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								0a58428de6 
								
							 
						 
						
							
							
								
								Add some security related directives to the systemd service example  
							
							
							
						 
						
							2018-10-25 00:37:31 +02:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									barrucadu 
								
							 
						 
						
							
							
							
							
								
							
							
								a32e013909 
								
							 
						 
						
							
							
								
								Relax form-action content security policy  
							
							... 
							
							
							
							'self' only allows forms submitted to the same origin, which
breaks the "remote follow" form.  To allow remote following,
we want to allow forms to be submitted to any host. 
							
						 
						
							2018-09-28 22:17:19 +00:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									shibayashi 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								8a4e2f48bf 
								
							 
						 
						
							
							
								
								installation/pleroma-apache.conf: OCSP stapling needs to be outside of the virtualhost directive  
							
							
							
						 
						
							2018-09-03 21:41:21 +02:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									shibayashi 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								d027c53d75 
								
							 
						 
						
							
							
								
								Add frame-ancestors 'none' to all configs  
							
							
							
						 
						
							2018-08-30 11:10:16 +02:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									shibayashi 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								d035566116 
								
							 
						 
						
							
							
								
								installation/pleroma.nginx: Add 'always' to the security headers, so that they are included regardless of the status code  
							
							
							
						 
						
							2018-08-29 19:00:40 +02:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									shibayashi 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								64388c420a 
								
							 
						 
						
							
							
								
								installation/pleroma-apache.conf: Add TLS configuration and security headers  
							
							
							
						 
						
							2018-08-29 01:29:04 +02:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									shibayashi 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								3487e15963 
								
							 
						 
						
							
							
								
								installation/pleroma.vcl: Add HTTP security headers  
							
							
							
						 
						
							2018-08-29 01:28:10 +02:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									shibayashi 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								82e661cd07 
								
							 
						 
						
							
							
								
								installation/caddyfile-pleroma.example: Add Content-Security-Policy  
							
							
							
						 
						
							2018-08-29 01:16:13 +02:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Haelwenn (lanodan) Monnier 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								0fd2eaf7af 
								
							 
						 
						
							
							
								
								installation/pleroma.nginx: Add Content-Security-Policy  
							
							... 
							
							
							
							Closes: https://git.pleroma.social/pleroma/pleroma/issues/266  
							
						 
						
							2018-08-28 20:54:50 +02:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									shibayashi 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								bff5ed154f 
								
							 
						 
						
							
							
								
								Improve example Caddyfile  
							
							
							
						 
						
							2018-08-26 03:36:52 +02:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									vaartis 
								
							 
						 
						
							
							
							
							
								
							
							
								9c5ca9e15e 
								
							 
						 
						
							
							
								
								Add an OpenRC service  
							
							
							
						 
						
							2018-08-23 19:34:11 +03:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Artik Banana 
								
							 
						 
						
							
							
							
							
								
							
							
								394d0c94c4 
								
							 
						 
						
							
							
								
								Add comment about TLS curves for older servers.  
							
							
							
						 
						
							2018-06-16 18:14:05 +00:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									dex 
								
							 
						 
						
							
							
							
							
								
							
							
								750cfbf38d 
								
							 
						 
						
							
							
								
								* fix nginx 1.15 warning:  
							
							... 
							
							
							
							nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead 
							
						 
						
							2018-06-13 09:54:23 +00:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Artik Banana 
								
							 
						 
						
							
							
							
							
								
							
							
								93c614bf13 
								
							 
						 
						
							
							
								
								* Removed TLSv1 and TLSv1.1  
							
							... 
							
							
							
							* Added OCSP Stapling
* Added SSL Cache
* Changed ciphers
* Specified ECDH curves 
							
						 
						
							2018-06-11 23:01:14 +00:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Artik Banana 
								
							 
						 
						
							
							
							
							
								
							
							
								c645a8de2b 
								
							 
						 
						
							
							
								
								Security upgrades:  
							
							... 
							
							
							
							* Removed TLSv1 and TLSv1.1
* Added OCSP Stapling
* Added SSL Cache
* Changed ciphers
* Specified ECDH curves 
							
						 
						
							2018-06-11 22:56:54 +00:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									witti 
								
							 
						 
						
							
							
							
							
								
							
							
								13925e0eb3 
								
							 
						 
						
							
							
								
								caddy config example  
							
							
							
						 
						
							2018-06-03 20:13:33 +02:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Dominik V. Salonen 
								
							 
						 
						
							
							
							
							
								
							
							
								a6fd9c4b00 
								
							 
						 
						
							
							
								
								Update pleroma.nginx  
							
							... 
							
							
							
							proxy_ignore_client_abort will continue to fetch from upstream even if a client aborts the connection. This is highly recommended when cache is being used. If a client leaves/refreshes the page while a user's avatar or some other media is halfway loaded, the cached copy might in some cases be broken. Leaving future requests to the same URL broken until cache expires. 
							
						 
						
							2018-05-28 10:36:27 +00:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Niklas Poslovski 
								
							 
						 
						
							
							
							
							
								
							
							
								f0e8194a71 
								
							 
						 
						
							
							
								
								Repair some access-control headers required for third-party webclients  
							
							
							
						 
						
							2018-05-23 08:48:28 +02:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Niklas Poslovski 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								d81a4e9280 
								
							 
						 
						
							
							
								
								Add access-control-expose-headers to Nginx default config  
							
							
							
						 
						
							2018-05-22 15:39:29 +02:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									lambda 
								
							 
						 
						
							
							
							
							
								
							
							
								bb864e96ad 
								
							 
						 
						
							
							
								
								Merge branch 'patch-2' into 'develop'  
							
							... 
							
							
							
							Nginx config - secure defaults
See merge request pleroma/pleroma!146  
							
						 
						
							2018-05-13 08:39:37 +00:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									lambda 
								
							 
						 
						
							
							
							
							
								
							
							
								17bcff6445 
								
							 
						 
						
							
							
								
								Merge branch 'feld-varnish' into 'develop'  
							
							... 
							
							
							
							More varnish fixes
See merge request pleroma/pleroma!149  
							
						 
						
							2018-05-13 08:34:58 +00:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Normandy 
								
							 
						 
						
							
							
							
							
								
							
							
								38f5f6f659 
								
							 
						 
						
							
							
								
								Remove alias directive in service file  
							
							... 
							
							
							
							Systemd will complain otherwise. 
							
						 
						
							2018-05-11 05:19:20 +00:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Mark Felder 
								
							 
						 
						
							
							
							
							
								
							
							
								a85d051675 
								
							 
						 
						
							
							
								
								Don't strip headers from backend for /notice/ either  
							
							
							
						 
						
							2018-05-07 23:44:40 +00:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Mark Felder 
								
							 
						 
						
							
							
							
							
								
							
							
								4233b1504f 
								
							 
						 
						
							
							
								
								Caching notice URLs does not produce pleasant results  
							
							
							
						 
						
							2018-05-07 23:43:27 +00:00