Commit Graph

218 Commits

Author SHA1 Message Date
Daniel Micay
218927ac6e switch to certbot webroot plugin 2022-02-19 08:17:14 -05:00
Daniel Micay
5571abff90 remove version workaround 2021-12-20 13:14:52 -05:00
Daniel Micay
5041ae9bf5 use Python 3.10 for CI 2021-12-14 18:36:14 -05:00
Daniel Micay
84df782352 improve unset Element version workaround 2021-12-13 11:44:00 -05:00
Daniel Micay
548554be39 set charset in Content-Type header for CSS too 2021-12-10 05:57:45 -05:00
Daniel Micay
525e5f5e9d add workaround for Element version being unset 2021-12-10 05:53:43 -05:00
Daniel Micay
91cb36d7a0 disable legacy X-XSS-Protection feature 2021-12-10 04:31:03 -05:00
Daniel Micay
27934d8d58 set a max connection limit to synapse from nginx 2021-12-03 22:44:24 -05:00
Daniel Micay
cdcd278394 nginx: enable aio_write due to 1.20.2 AIO fix 2021-11-28 19:03:51 -05:00
Daniel Micay
a2bfaef2fc nginx: disable sendfile due to bugs with AIO 2021-11-28 19:01:38 -05:00
Daniel Micay
c008ad5539 add pip to dependabot 2021-11-25 20:39:14 -05:00
Daniel Micay
c4cceaaf24 replace nginx lint workflow 2021-11-25 20:36:23 -05:00
Daniel Micay
8b4e119821 use a temporary directory for nginx configuration 2021-11-25 20:34:35 -05:00
Daniel Micay
43c8ac3c45 add dependabot configuration 2021-11-23 20:27:45 -05:00
Daniel Micay
d44f983d4d set default country code to Canada 2021-11-23 20:17:35 -05:00
Daniel Micay
b172e96897 remove sample feature from configuration 2021-11-23 20:12:27 -05:00
Daniel Micay
7c2425cd50 remove unused webmanifest extension 2021-11-23 20:06:54 -05:00
Daniel Micay
bfcc6b5958 nginx regex: don't capture groups unnecessarily 2021-11-23 20:00:41 -05:00
Daniel Micay
5fcd75f795 rename static_tmp to static-tmp for consistency 2021-11-23 18:45:28 -05:00
Daniel Micay
0ae1a5a9f4 preserve timestamps for zopfli 2021-11-23 18:28:10 -05:00
Daniel Micay
f945befca2 nginx: use syslog for error log 2021-09-07 08:05:23 -04:00
Daniel Micay
19222d2b0a add nginx modules symlink 2021-07-28 00:44:32 -04:00
Daniel Micay
b66981925a update symlink metadata sync call 2021-07-27 22:31:36 -04:00
Daniel Micay
a97dd92eb8 minor improvements to CSP 2021-07-22 00:12:22 -04:00
Daniel Micay
1a6400af4e split brotli and zopfli jobs 2021-07-21 17:46:05 -04:00
Daniel Micay
8a4a3ef0df stop unnecessarily copying mtime for gz output 2021-07-21 16:57:49 -04:00
Daniel Micay
265576f637 compress static files in parallel 2021-07-21 16:43:49 -04:00
Daniel Micay
dc00b338c6 run GitHub workflows on pushes to any branch 2021-07-16 16:08:21 -04:00
Daniel Micay
fa9de7b0e0 disable aio_write temporarily 2021-07-13 23:30:24 -04:00
Daniel Micay
faa1b0a270 permit frames fetching resources for Element CORP 2021-07-13 22:27:38 -04:00
Daniel Micay
e1d5caf206 raise file size limit to 100M 2021-07-13 22:27:12 -04:00
Daniel Micay
25fa8047c8 use matrix.grapheneos.org as the remote 2021-07-11 19:54:32 -04:00
Daniel Micay
6374567f88 rename scripts 2021-07-11 19:51:56 -04:00
Daniel Micay
3e94c41567 remove unused pdf file extension 2021-07-07 04:41:08 -04:00
Daniel Micay
75e800cdab add wasm mime type 2021-07-06 14:13:18 -04:00
Daniel Micay
740b720285 enable brotli/gzip via precompression for Element 2021-07-06 13:53:00 -04:00
Daniel Micay
a653d8bd2f use jemalloc for synapse 2021-07-04 08:27:24 -04:00
Daniel Micay
9074148b6e add gzip/brotli configuration for future use 2021-07-04 03:34:49 -04:00
Daniel Micay
c98929ea0d set manifest-src to 'self' for Element 2021-07-03 08:56:02 -04:00
Daniel Micay
b9adc72a0c remove duplicate Referrer-Policy headers 2021-07-02 11:13:24 -04:00
Daniel Micay
0e8b60b7fe enable AIO via thread pool 2021-06-30 23:17:25 -04:00
Daniel Micay
167c728852 set if_modified_since to more aggressive mode 2021-06-30 22:53:05 -04:00
Daniel Micay
b75070b85c match configuration format of other services 2021-06-29 06:12:19 -04:00
Daniel Micay
9d862cc58d set Referrer-Policy header 2021-06-29 06:07:54 -04:00
Daniel Micay
6d1669c3c2 pass through synapse CSP alongside static one 2021-06-29 06:05:12 -04:00
June
86772f7fea Add GitHub workflow for linting nginx.conf and security-headers.conf
Signed-off-by: June <zanthed@riseup.net>
2021-06-26 02:01:27 -04:00
Daniel Micay
384f37a9f4 add font-src to CSP 2021-06-22 23:51:37 -04:00
Daniel Micay
1cf2da16c9 cleaner nginx status monitoring configuration 2021-06-22 23:43:32 -04:00
Daniel Micay
d4e4cca682 set security headers on error responses too 2021-06-18 20:22:34 -04:00
Daniel Micay
444ad1a982 set up COEP and CORP headers 2021-06-18 20:20:50 -04:00