aboutsummaryrefslogtreecommitdiff
path: root/installation/pleroma.nginx
AgeCommit message (Collapse)Author
2020-06-12Update pleroma.nginx to support TLSv1.3normandy
Based on SSL config from https://ssl-config.mozilla.org/
2020-03-13Do not strip Cache-Control headers from media. Trust the Pleroma backend.Mark Felder
2019-09-27Add `remote_ip` plugminibikini
2019-08-30Fix missing changes in pleroma/pleroma!1197kPherox
2019-06-23Remove sudo in the nginx config command examplerinpatch
2019-06-22Fix the webroot method in the nginx configrinpatch
2019-06-21Fix nginx webroot method configrinpatch
2019-05-23explicitly set reverse proxy upstream to IPv4Alfie Pates
since Pleroma.Web.Endpoint binds on IPv4 only and `localhost.` resolves to [::0] on some systems fixes #930.
2019-04-12Merge branch 'ssl_trusted_cert' into 'develop'lambda
ssl_trusted_certificate should point to chain.pem if we're demonstrating... See merge request pleroma/pleroma!996
2019-03-31ssl_trusted_certificate should point to chain.pem if we're demonstrating ↵Horsemans
LetsEncrypt: https://community.letsencrypt.org/t/howto-ocsp-stapling-for-nginx/13611/5
2019-02-26need to put back ipv4 listen instructKenneth Zhao
2019-02-25Add ipv6 handling to pleroma.nginxPEA
Replaces `listen 80` with `listen [::]:80`, same with 443
2019-02-09Recommend the acme-challenge path that is used in the installation guidesshibayashi
2019-01-10Fix nginx caching issuesMark Felder
Nginx is currently not caching data because proxy_buffering needs to be enabled for caching to work at all, and we are receiving a Cache-Control header from Pleroma that states "max-age=0, private, must-revalidate" Even disregarding the Cache-Control header that should actually be set to "public, max-age=1209600" as defined in the reverse_proxy code, we don't want to obey this header at all as it overrides our Nginx caching rules.
2018-12-12proxy buffering still needs to be offMark Felder
2018-12-12Update proxy config to improve behavior and allow compatibility with Safari ↵Mark Felder
on MacOS and iOS
2018-11-30reverse_proxy: more headershref
2018-11-11example configs: kill STS/CT headersWilliam Pitcock
2018-11-11example configs: remove obsolete CSP configurationWilliam Pitcock
2018-11-11nginx example config: remove CORS headers, now managed by CORSPlug.William Pitcock
2018-11-06Merge branch 'patch-2' into 'develop'kaniini
Remove Access-Control-Allow-Origin in pleroma.nginx See merge request pleroma/pleroma!424
2018-11-05Remove Access-Control-Allow-OriginHakaba Hitoyo
2018-11-04Use example.tld so a single search and replace worksshibayashi
2018-11-03Use the same example domain in all config examplesshibayashi
2018-11-03Use the server name as variableshibayashi
2018-09-28Relax form-action content security policybarrucadu
'self' only allows forms submitted to the same origin, which breaks the "remote follow" form. To allow remote following, we want to allow forms to be submitted to any host.
2018-08-30Add frame-ancestors 'none' to all configsshibayashi
2018-08-29installation/pleroma.nginx: Add 'always' to the security headers, so that ↵shibayashi
they are included regardless of the status code
2018-08-28installation/pleroma.nginx: Add Content-Security-PolicyHaelwenn (lanodan) Monnier
Closes: https://git.pleroma.social/pleroma/pleroma/issues/266
2018-06-16Add comment about TLS curves for older servers.Artik Banana
2018-06-13* fix nginx 1.15 warning:dex
nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead
2018-06-11* Removed TLSv1 and TLSv1.1Artik Banana
* Added OCSP Stapling * Added SSL Cache * Changed ciphers * Specified ECDH curves
2018-06-11Security upgrades:Artik Banana
* Removed TLSv1 and TLSv1.1 * Added OCSP Stapling * Added SSL Cache * Changed ciphers * Specified ECDH curves
2018-05-28Update pleroma.nginxDominik V. Salonen
proxy_ignore_client_abort will continue to fetch from upstream even if a client aborts the connection. This is highly recommended when cache is being used. If a client leaves/refreshes the page while a user's avatar or some other media is halfway loaded, the cached copy might in some cases be broken. Leaving future requests to the same URL broken until cache expires.
2018-05-23Repair some access-control headers required for third-party webclientsNiklas Poslovski
2018-05-22Add access-control-expose-headers to Nginx default configNiklas Poslovski
2018-05-06Added headers for a more secure default.Artik Banana
2018-04-20Add info about certbot with the webroot plugin to pleroma.nginxcsaurus
2018-04-08Fix max upload size in nginx config.Hector A. Escobedo
The built-in nginx default does not allow users to upload images larger than 1 MB. This increases the maximum request size to match the default Pleroma config upload_limit parameter. Some helpful comments were also added.
2018-04-01nginx: document how to enable CORS supportWilliam Pitcock
2018-03-28Update pleroma.nginxlambda
2018-03-08Update pleroma.nginxlambda
2018-01-26Merge branch 'feature/cross-origin' into 'develop'lambda
Access-Control-Allow-Origin See merge request pleroma/pleroma!52
2018-01-26Access-Control-Allow-OriginHakaba Hitoyo
2018-01-14Correct pleroma.nginxHakaba Hitoyo
2017-12-11Merge remote-tracking branch 'upstream/develop' into media-proxyhref
2017-12-11nginx sample config, quickly testedhref
2017-12-07Add websocket upgrade to example nginx config.eal
2017-08-16disable sslv3Henry Jameson
2017-08-08First attempt at installation documentationHenry Jameson
generated by cgit v1.2.3 (git 2.26.2) at 2025-04-23 23:30:57 +0000