Git-Mirrors/graphene-os-server-infrastructure
1
0
Fork 0
mirror of https://github.com/GrapheneOS/infrastructure.git synced 2024-10-01 04:55:42 +00:00
Code Issues Packages Projects Releases Wiki Activity
115 Commits 1 Branch 0 Tags 1.8 MiB
88d8e37233
Commit Graph

4 Commits

Author SHA1 Message Date
Daniel Micay
88d8e37233 rename nginx service hardening.conf to local.conf 2022-09-26 14:04:45 -04:00
Daniel Micay
afce4f2a51 limit nginx service capabilities 
Running nginx as non-root would be possible via CAP_NET_BIND_SERVICE as
an ambient capability but it would be inherited by workers. It's better
to leave the supervisor process as root for the time being unless nginx
was taught to use socket activation or drop capabilities for workers.
 2022-08-10 11:12:20 -04:00
Daniel Micay
ca7c036e8c sort nginx hardening.conf options 2022-08-10 11:12:20 -04:00
Daniel Micay
316561389c extend nginx service hardening 2022-08-09 04:55:10 -04:00