Slavi Pantaleev
31396f0615
Merge pull request #1295 from nogweii/feat-support-upstream-https-forwarded
...
Support trusting the upstream server when it says the protocol is HTTPS
3 years ago
Aaron Raimist
a676b5358c
Fix hydrogen OCSP typo
...
From 6f80292745
3 years ago
Colin Shea
2578ca4cee
rename matrix_nginx_proxy_x_forwarded_header_value -> matrix_nginx_proxy_x_forwarded_proto_value
3 years ago
Colin Shea
d0cd67044e
replace $scheme with X-Forwarded-Proto when enabled
3 years ago
sakkiii
ae6caf158a
Added variable matrix_nginx_proxy_request_timeout ( #1265 )
...
* add timeout param for nginx proxy
default value matrix_nginx_proxy_request_timeout is 60s
* default matrix_nginx_proxy_request_timeout - 60s
* few more variables for request timeout
* Update nginx.conf.j2
* Update nginx.conf.j2
3 years ago
Michael Collins
2e30802b87
use group variables instead
3 years ago
Michael Collins
8238d65e5f
simplify template conditional
3 years ago
Michael Collins
bfb61e776e
GMH v0.5.7... maybe!
3 years ago
Slavi Pantaleev
4105ba854b
Merge pull request #1147 from datenkollektiv-net/allow-custom-federation-fqn
...
Make federation domain customizable
3 years ago
JokerGermany
9345d840be
root path for the base domain is wrong ( #1189 )
...
* root path for the base domain
* Fix path when running in a container
Co-authored-by: Slavi Pantaleev <slavi@devture.com>
3 years ago
Slavi Pantaleev
6294e58304
Fix Content-Security-Policy for Element
...
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1154
According to
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy ,
having both a header and the `<meta>`-tag provided by Element itself is
not a problem. The 2 CSP policies get combined.
3 years ago
oxmie
5df4d68829
Make federation domain customizable
3 years ago
sakkiii
0217644b48
Content-Security-Policy For Element Web
...
https://github.com/vector-im/element-web#configuration-best-practices
4 years ago
Slavi Pantaleev
4880dcceb0
Fix OCSP-stapling-related errors due to missing resolver
...
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1057
4 years ago
Slavi Pantaleev
1ed0857019
Fix syntax error
...
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1024
4 years ago
sakkiii
4a4a7f136e
changes added to hydrogen client
4 years ago
sakkiii
25e67b51d1
Merge branch 'spantaleev:master' into master
4 years ago
sakkiii
3436f9c10a
rename to matrix_nginx_proxy_hsts_preload_enabled
4 years ago
sakkiii
df2d91970d
matrix_nginx_proxy_xss_protection
4 years ago
Slavi Pantaleev
6f80292745
Add OCSP stapling support and other SSL optimizations to Hydrogen vhost
...
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1061
and https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1057
4 years ago
Aaron Raimist
04548f8df2
Merge branch 'master' into hydrogen
4 years ago
Aaron Raimist
9437f78c9e
Build using custom config.json, add CSP, update to 0.1.53
4 years ago
sakkiii
e9b878b9e9
Optimize SSL session
4 years ago
Slavi Pantaleev
e6afa05f7b
Enable OCSP stapling for the federation port
...
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1057
Not sure if this is beneficial though.
4 years ago
Slavi Pantaleev
57a6a98a50
Fix incorrect SSL certificate path
...
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1057
4 years ago
Slavi Pantaleev
b9c4e8ce16
Merge pull request #1057 from sakkiii/ssl_staple
...
Enable OCSP Stapling
4 years ago
sakkiii
d31b55b2a7
SSL-enabled block only
4 years ago
Slavi Pantaleev
e4dd933cf0
Make missing /_synapse/admin correctly return 404 responses
...
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1058
We may try to capture such calls and return a friendlier response (HTML
or JSON) saying "The Synapse Admin API is not enabled", but that may not
be desirable.
For now, we stick to what "upstream" recommends: "simply
don't proxy these APIs", which should lead to the same kind of 404 that
we have now.
See here: 6660912226/docs/reverse_proxy.md (synapse-administration-endpoints)
4 years ago
sakkiii
c05021640d
Enable OCSP Stapling
4 years ago
Aaron Raimist
ca361af616
Add Hydrogen
4 years ago
sakkiii
29cf6a0087
Merge branch 'spantaleev:master' into master
4 years ago
sakkiii
bb0810302d
Merge branch 'spantaleev:master' into master
4 years ago
Béla Becker
b10655ebb1
Jitsi XMPP Websocket support
...
Jitsi-meet enabled websockets by default, claiming better reliability.
Matrix-nginx-proxy configuration has been set up according to the
Prosody documentation: https://prosody.im/doc/websocket
4 years ago
sakkiii
40fe6bd5c1
variable matrix_nginx_proxy_hsts_preload_enable added
4 years ago
Slavi Pantaleev
389dc26615
Fix Synapse generic worker balancing
...
Potentially fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1022
4 years ago
sakkiii
5b4fdf9b87
Merge branch 'master' of https://github.com/sakkiii/matrix-docker-ansible-deploy
4 years ago
sakkiii
0ccf0fbf1c
HSTS preload + X-XSS enables
...
**HSTS Preloading:**
In its strongest and recommended form, the [HSTS policy](https://www.chromium.org/hsts ) includes all subdomains, and indicates a willingness to be “preloaded” into browsers:
`Strict-Transport-Security: max-age=31536000; includeSubDomains; preload`
**X-Xss-Protection:**
`1; mode=block` which tells the browser to block the response if it detects an attack rather than sanitising the script.
4 years ago
sakkiii
3564635f0f
Merge branch 'master' into master
4 years ago
sakkiii
29bba5161b
Element More security headers
...
More Production ready nginx headers for Matrix client element.
4 years ago
Slavi Pantaleev
e00ef04b57
Add opt-out-of-FLoC headers by default
4 years ago
Slavi Pantaleev
4a1739f604
Merge pull request #1007 from teutat3s/fix/nginx-dont-send-version
...
Don't expose nginx version with each response
4 years ago
teutat3s
2bf7c26cfa
Don't expose nginx version with each response
4 years ago
sakkiii
1958d0792d
Update matrix-client-element.conf.j2
4 years ago
sakkiii
b6d45c5fd8
Merge branch 'master' of https://github.com/sakkiii/matrix-docker-ansible-deploy
4 years ago
sakkiii
05042f5ff1
Improve security grafana
...
- duplicate X-Content-Type-Options
- X-Frame-Options header
- Referrer-Policy [Might consider adding variable]
- Secure flag with cookies
- matrix_grafana_content_security_policy variable for [Content Security Policy](https://grafana.com/docs/grafana/latest/administration/configuration/#content_security_policy )
4 years ago
sakkiii
5dc642ace1
Nginx element web: XSS protection & nosniff header
...
X-XSS-Protection: 1; mode=block; header, for basic XSS protection in legacy browsers.
X-Content-Type-Options: nosniff header, to disable MIME sniffing
4 years ago
Christoph Johannes Kleine
fcd66b2889
rename variables
4 years ago
Christoph Johannes Kleine
3a772f2f65
matrix-nginx-proxy: add custom nginx options to nginx.conf.j2
4 years ago
Slavi Pantaleev
9a0222fa47
Add Sygnal support
...
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/683
4 years ago
Aaron Raimist
32b3650c12
Set X-Forwarded-Proto on federation requests
4 years ago