matrix-docker-ansible-deploy

Commit Graph

Author	SHA1	Message	Date
Slavi Pantaleev	4105ba854b	Merge pull request #1147 from datenkollektiv-net/allow-custom-federation-fqn Make federation domain customizable	3 years ago
JokerGermany	9345d840be	root path for the base domain is wrong (#1189 ) * root path for the base domain * Fix path when running in a container Co-authored-by: Slavi Pantaleev <slavi@devture.com>	3 years ago
sakkiii	7a51268dfc	Upgrade certbot & nginx Upgrade certbot (v1.16.0 -> v1.17.0) nginx (1.21.0 -> 1.21.1)	3 years ago
Slavi Pantaleev	6294e58304	Fix Content-Security-Policy for Element Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1154 According to https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy, having both a header and the `<meta>`-tag provided by Element itself is not a problem. The 2 CSP policies get combined.	3 years ago
oxmie	5df4d68829	Make federation domain customizable	3 years ago
sakkiii	0217644b48	Content-Security-Policy For Element Web https://github.com/vector-im/element-web#configuration-best-practices	3 years ago
Slavi Pantaleev	963f38ee7b	Upgrade certbot (v1.14.0 -> v1.16.0)	4 years ago
pushytoxin	bee14550ab	Fix local/bin scripts autocompletion by adding rx perms to everyone It's mildly annoying when trying to execute these scripts while logged in as a regular user, as the missing execute permissions will hinder autocompletion even when trying to use with sudo. These shell scripts don't contain secrets, but may fail when ran by a regular user. The failure is due to the lack of access to the /matrix directory, and does not result in any damage.	4 years ago
Slavi Pantaleev	4880dcceb0	Fix OCSP-stapling-related errors due to missing resolver Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1057	4 years ago
rakshazi	4ddd8bbb84	Updated nginx-proxy (1.20.0 -> 1.21.0)	4 years ago
Slavi Pantaleev	1ed0857019	Fix syntax error Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1024	4 years ago
sakkiii	4a4a7f136e	changes added to hydrogen client	4 years ago
sakkiii	25e67b51d1	Merge branch 'spantaleev:master' into master	4 years ago
sakkiii	3436f9c10a	rename to matrix_nginx_proxy_hsts_preload_enabled	4 years ago
sakkiii	7cc5328ede	Comments & Ref	4 years ago
sakkiii	df2d91970d	matrix_nginx_proxy_xss_protection	4 years ago
Slavi Pantaleev	6f80292745	Add OCSP stapling support and other SSL optimizations to Hydrogen vhost Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1061 and https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1057	4 years ago
Slavi Pantaleev	d0de21ab34	Delete Hydrogen nginx configuration file when disabled	4 years ago
Aaron Raimist	04548f8df2	Merge branch 'master' into hydrogen	4 years ago
Aaron Raimist	9437f78c9e	Build using custom config.json, add CSP, update to 0.1.53	4 years ago
sakkiii	e9b878b9e9	Optimize SSL session	4 years ago
Slavi Pantaleev	e6afa05f7b	Enable OCSP stapling for the federation port Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1057 Not sure if this is beneficial though.	4 years ago
Slavi Pantaleev	57a6a98a50	Fix incorrect SSL certificate path Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1057	4 years ago
Slavi Pantaleev	b9c4e8ce16	Merge pull request #1057 from sakkiii/ssl_staple Enable OCSP Stapling	4 years ago
sakkiii	d31b55b2a7	SSL-enabled block only	4 years ago
Slavi Pantaleev	e4dd933cf0	Make missing /_synapse/admin correctly return 404 responses Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1058 We may try to capture such calls and return a friendlier response (HTML or JSON) saying "The Synapse Admin API is not enabled", but that may not be desirable. For now, we stick to what "upstream" recommends: "simply don't proxy these APIs", which should lead to the same kind of 404 that we have now. See here: `6660912226/docs/reverse_proxy.md (synapse-administration-endpoints)`	4 years ago
sakkiii	2c3da6599b	Added warning	4 years ago
sakkiii	0dd4459799	matrix_nginx_proxy_ocsp_stapling_enabled variable added	4 years ago
sakkiii	c05021640d	Enable OCSP Stapling	4 years ago
Aaron Raimist	ca361af616	Add Hydrogen	4 years ago
sakkiii	29cf6a0087	Merge branch 'spantaleev:master' into master	4 years ago
sakkiii	bb0810302d	Merge branch 'spantaleev:master' into master	4 years ago
Béla Becker	b10655ebb1	Jitsi XMPP Websocket support Jitsi-meet enabled websockets by default, claiming better reliability. Matrix-nginx-proxy configuration has been set up according to the Prosody documentation: https://prosody.im/doc/websocket	4 years ago
Dan Arnfield	cfaa3e598a	Update nginx (1.19.10 -> 1.20.0)	4 years ago
sakkiii	40fe6bd5c1	variable matrix_nginx_proxy_hsts_preload_enable added	4 years ago
Slavi Pantaleev	389dc26615	Fix Synapse generic worker balancing Potentially fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1022	4 years ago
sakkiii	5b4fdf9b87	Merge branch 'master' of https://github.com/sakkiii/matrix-docker-ansible-deploy	4 years ago
sakkiii	0ccf0fbf1c	HSTS preload + X-XSS enables HSTS Preloading: In its strongest and recommended form, the [HSTS policy](https://www.chromium.org/hsts) includes all subdomains, and indicates a willingness to be “preloaded” into browsers: `Strict-Transport-Security: max-age=31536000; includeSubDomains; preload` X-Xss-Protection: `1; mode=block` which tells the browser to block the response if it detects an attack rather than sanitising the script.	4 years ago
sakkiii	3564635f0f	Merge branch 'master' into master	4 years ago
sakkiii	29bba5161b	Element More security headers More Production ready nginx headers for Matrix client element.	4 years ago
Slavi Pantaleev	d691cc0920	Move variable definition a bit	4 years ago
Slavi Pantaleev	e00ef04b57	Add opt-out-of-FLoC headers by default	4 years ago
Slavi Pantaleev	4a1739f604	Merge pull request #1007 from teutat3s/fix/nginx-dont-send-version Don't expose nginx version with each response	4 years ago
teutat3s	2bf7c26cfa	Don't expose nginx version with each response	4 years ago
sakkiii	1958d0792d	Update matrix-client-element.conf.j2	4 years ago
sakkiii	b6d45c5fd8	Merge branch 'master' of https://github.com/sakkiii/matrix-docker-ansible-deploy	4 years ago
sakkiii	05042f5ff1	Improve security grafana - duplicate X-Content-Type-Options - X-Frame-Options header - Referrer-Policy [Might consider adding variable] - Secure flag with cookies - matrix_grafana_content_security_policy variable for [Content Security Policy](https://grafana.com/docs/grafana/latest/administration/configuration/#content_security_policy)	4 years ago
sakkiii	5dc642ace1	Nginx element web: XSS protection & nosniff header X-XSS-Protection: 1; mode=block; header, for basic XSS protection in legacy browsers. X-Content-Type-Options: nosniff header, to disable MIME sniffing	4 years ago
Slavi Pantaleev	c7c137df74	Upgrade nginx and certbot	4 years ago
Ahmad Haghighi	e335f3fc77	rename matrix_global_registry to matrix_container_global_registry_prefix related to #990 Signed-off-by: Ahmad Haghighi <haghighi@fedoraproject.org>	4 years ago

1 2 3 4 5 ...

280 Commits (31244e7fcc6f98c62e4bba09e55df74598e0aa3e)