155 Commits (b3cfa2a1bab25549cac2e93b0643e21904953b6b)

Author	SHA1	Message	Date
sakkiii	ae6caf158a	Added variable matrix_nginx_proxy_request_timeout (#1265) ... * add timeout param for nginx proxy default value matrix_nginx_proxy_request_timeout is 60s * default matrix_nginx_proxy_request_timeout - 60s * few more variables for request timeout * Update nginx.conf.j2 * Update nginx.conf.j2	3 years ago
Michael Collins	2e30802b87	use group variables instead	3 years ago
Michael Collins	8238d65e5f	simplify template conditional	3 years ago
Michael Collins	bfb61e776e	GMH v0.5.7... maybe!	3 years ago
Slavi Pantaleev	4105ba854b	Merge pull request #1147 from datenkollektiv-net/allow-custom-federation-fqn ... Make federation domain customizable	3 years ago
JokerGermany	9345d840be	root path for the base domain is wrong (#1189) ... * root path for the base domain * Fix path when running in a container Co-authored-by: Slavi Pantaleev <slavi@devture.com>	3 years ago
Slavi Pantaleev	6294e58304	Fix Content-Security-Policy for Element ... Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1154 According to https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy, having both a header and the `<meta>`-tag provided by Element itself is not a problem. The 2 CSP policies get combined.	3 years ago
oxmie	5df4d68829	Make federation domain customizable	3 years ago
sakkiii	0217644b48	Content-Security-Policy For Element Web ... https://github.com/vector-im/element-web#configuration-best-practices	3 years ago
Slavi Pantaleev	4880dcceb0	Fix OCSP-stapling-related errors due to missing resolver ... Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1057	4 years ago
Slavi Pantaleev	1ed0857019	Fix syntax error ... Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1024	4 years ago
sakkiii	4a4a7f136e	changes added to hydrogen client	4 years ago
sakkiii	25e67b51d1	Merge branch 'spantaleev:master' into master	4 years ago
sakkiii	3436f9c10a	rename to matrix_nginx_proxy_hsts_preload_enabled	4 years ago
sakkiii	df2d91970d	matrix_nginx_proxy_xss_protection	4 years ago
Slavi Pantaleev	6f80292745	Add OCSP stapling support and other SSL optimizations to Hydrogen vhost ... Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1061 and https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1057	4 years ago
Aaron Raimist	04548f8df2	Merge branch 'master' into hydrogen	4 years ago
Aaron Raimist	9437f78c9e	Build using custom config.json, add CSP, update to 0.1.53	4 years ago
sakkiii	e9b878b9e9	Optimize SSL session	4 years ago
Slavi Pantaleev	e6afa05f7b	Enable OCSP stapling for the federation port ... Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1057 Not sure if this is beneficial though.	4 years ago
Slavi Pantaleev	57a6a98a50	Fix incorrect SSL certificate path ... Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1057	4 years ago
Slavi Pantaleev	b9c4e8ce16	Merge pull request #1057 from sakkiii/ssl_staple ... Enable OCSP Stapling	4 years ago
sakkiii	d31b55b2a7	SSL-enabled block only	4 years ago
Slavi Pantaleev	e4dd933cf0	Make missing /_synapse/admin correctly return 404 responses ... Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1058 We may try to capture such calls and return a friendlier response (HTML or JSON) saying "The Synapse Admin API is not enabled", but that may not be desirable. For now, we stick to what "upstream" recommends: "simply don't proxy these APIs", which should lead to the same kind of 404 that we have now. See here: 6660912226/docs/reverse_proxy.md (synapse-administration-endpoints)	4 years ago
sakkiii	c05021640d	Enable OCSP Stapling	4 years ago
Aaron Raimist	ca361af616	Add Hydrogen	4 years ago
sakkiii	29cf6a0087	Merge branch 'spantaleev:master' into master	4 years ago
sakkiii	bb0810302d	Merge branch 'spantaleev:master' into master	4 years ago
Béla Becker	b10655ebb1	Jitsi XMPP Websocket support ... Jitsi-meet enabled websockets by default, claiming better reliability. Matrix-nginx-proxy configuration has been set up according to the Prosody documentation: https://prosody.im/doc/websocket	4 years ago
sakkiii	40fe6bd5c1	variable matrix_nginx_proxy_hsts_preload_enable added	4 years ago
Slavi Pantaleev	389dc26615	Fix Synapse generic worker balancing ... Potentially fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1022	4 years ago
sakkiii	5b4fdf9b87	Merge branch 'master' of https://github.com/sakkiii/matrix-docker-ansible-deploy	4 years ago
sakkiii	0ccf0fbf1c	HSTS preload + X-XSS enables ... **HSTS Preloading:** In its strongest and recommended form, the [HSTS policy](https://www.chromium.org/hsts) includes all subdomains, and indicates a willingness to be “preloaded” into browsers: `Strict-Transport-Security: max-age=31536000; includeSubDomains; preload` **X-Xss-Protection:** `1; mode=block` which tells the browser to block the response if it detects an attack rather than sanitising the script.	4 years ago
sakkiii	3564635f0f	Merge branch 'master' into master	4 years ago
sakkiii	29bba5161b	Element More security headers ... More Production ready nginx headers for Matrix client element.	4 years ago
Slavi Pantaleev	e00ef04b57	Add opt-out-of-FLoC headers by default	4 years ago
Slavi Pantaleev	4a1739f604	Merge pull request #1007 from teutat3s/fix/nginx-dont-send-version ... Don't expose nginx version with each response	4 years ago
teutat3s	2bf7c26cfa	Don't expose nginx version with each response	4 years ago
sakkiii	1958d0792d	Update matrix-client-element.conf.j2	4 years ago
sakkiii	b6d45c5fd8	Merge branch 'master' of https://github.com/sakkiii/matrix-docker-ansible-deploy	4 years ago
sakkiii	05042f5ff1	Improve security grafana ... - duplicate X-Content-Type-Options - X-Frame-Options header - Referrer-Policy [Might consider adding variable] - Secure flag with cookies - matrix_grafana_content_security_policy variable for [Content Security Policy](https://grafana.com/docs/grafana/latest/administration/configuration/#content_security_policy)	4 years ago
sakkiii	5dc642ace1	Nginx element web: XSS protection & nosniff header ... X-XSS-Protection: 1; mode=block; header, for basic XSS protection in legacy browsers. X-Content-Type-Options: nosniff header, to disable MIME sniffing	4 years ago
Christoph Johannes Kleine	fcd66b2889	rename variables	4 years ago
Christoph Johannes Kleine	3a772f2f65	matrix-nginx-proxy: add custom nginx options to nginx.conf.j2	4 years ago
Slavi Pantaleev	9a0222fa47	Add Sygnal support ... Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/683	4 years ago
Aaron Raimist	32b3650c12	Set X-Forwarded-Proto on federation requests	4 years ago
Slavi Pantaleev	011e95c1d2	Merge pull request #893 from GoMatrixHosting/master ... matrix-awx - the GoMatrixHosting v0.3.0 initial PR	4 years ago
Yannick Goossens	51e2547484	Added support for the Go-NEB bot	4 years ago
Slavi Pantaleev	9b72384df7	Upgrade Synapse (1.28.0 -> 1.29.0)	4 years ago
Slavi Pantaleev	f0698ee641	Do not overwrite X-Forwarded-For when reverse-proxying to Synapse ... We have a flow like this: 1. matrix.DOMAIN vhost (matrix-domain.conf) 2. matrix-synapse vhost (matrix-synapse.conf); or matrix-corporal container, if enabled 3. (optional) matrix-synapse vhost (matrix-synapse.conf), if matrix-corporal enabled 4. matrix-synapse container We are setting `X-Forwarded-For` correctly in step #1, but were overwriting it in step #2 with something inaccurate. Not doing anything in step #2 is better than doing the wrong thing. It's probably best if we append another reverse-proxy address there though, although what we're doing now (with this patch) seems to yield the correct result (when matrix-corporal is not enabled). When matrix-corporal is enabled, we still seem to do the wrong thing for some reason. It's something to be fixed later on.	4 years ago