Commit graph

14 commits

Author SHA1 Message Date
Claire
5154acdb9f Add hardened headers to user-uploaded files (#25756) 2023-07-06 14:31:37 +02:00
Eugen Rochko
1d2a941bc8 Change media upload limits and remove client-side resizing (#23726) 2023-03-25 10:00:03 +01:00
keiya
4ee9d2381e Fix nginx location matching (#20198) 2022-11-09 04:12:57 +01:00
Rob Petti
9cc859808e allow /api/v1/streaming to be used as per documentation (#19896) 2022-11-07 03:16:44 +01:00
Yurii Izorkin
87b5ede13a nginx: optimize locations (#19438)
* nginx: optimize locations

* nginx: don't use regex in locations

* nginx: optimize Cache-Control headaers

* nginx: use 404 error_page for missing static files

* nginx: sort locations

* nginx: add missing HSTS header
2022-10-29 15:06:23 +02:00
Shlee
a81c071a45 Remove duplicate HSTS headers from nginx.conf (#19018)
* Update nginx.conf

* Update nginx.conf

* Update nginx.conf
2022-10-27 16:58:49 +02:00
LinAGKar
b35edee2c1 Also compress SVG and ICO images in nginx (#17651) 2022-02-26 17:27:11 +01:00
Peter Dave Hello
4f1a4dbd74 Make sure nginx always send HSTS header (#16633)
By default, it'll only send those headers when the response code is one of the following:
- 200, 201, 204, 206, 301, 302, 303, 304, 307 & 308

As all the traffics should be https, the http protocol only exists to do 301 redirect,
and always send the HSTS header is almost one of the best practices, we should set
nginx to do so.

Reference:
- https://nginx.org/en/docs/http/ngx_http_headers_module.html#add_header
- https://ssl-config.mozilla.org/
2021-08-20 10:54:11 +01:00
Peter Dave Hello
5afd70a728 Disable nginx ssl_session_tickets for better security (#16632)
It's default turned on, but it's better to turn it off for security reason.

Reference:
- https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_tickets
- https://github.com/mozilla/server-side-tls/issues/135
2021-08-20 08:15:07 +01:00
Cecylia Bocovich
62b7b4b1d6 Set X-Forwarded-Proto to request scheme (#15310) (#15498)
This fixes a bug that prevents logins to mastodon onion services. The
nginx directive assumed all requests were made over https, causing a
domain mismatch for onion services that have https redirects disabled.
The fix more correctly sets X-Forwarded-Proto to the actual scheme used
in the request.
2021-01-05 22:25:07 +01:00
Shlee
1b698f9760 Update nginx.conf (#13066) 2020-03-08 16:04:25 +01:00
ichi_i
613eb85dc7 Add TLS v1.3 support (#11603)
Maintain TLS v1.2 compatibility (might want to drop this later) and add support for TLS v1.3
2019-08-30 07:42:50 +02:00
Eugen Rochko
403ba71317 Cache error 410 responses in recommended nginx configuration (#10425) 2019-03-30 03:14:31 +01:00
Eugen Rochko
497092aee0 Add nginx and systemd templates (#8770)
So they can be copied during installation instead of looking
them up in the documentation

Make default sidekiq configuration use weighted queues

Remove deprecated docs directory
2018-09-24 16:46:05 +02:00