| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2022-07-18 | Actually fix with forward slashes being restricted inside nickname | Sean King | |
| 2022-07-17 | Don't accept forward slash character for nicknames | Sean King | |
| 2022-07-16 | Document way to do notice compatibility routes with Nginx reverse-proxy instead | Sean King | |
| 2020-11-17 | Remove FedSockets | rinpatch | |
| Current FedSocket implementation has a bunch of problems. It doesn't have proper error handling (in case of an error the server just doesn't respond until the connection is closed, while the client doesn't match any error messages and just assumes there has been an error after 15s) and the code is full of bad descisions (see: fetch registry which uses uuids for no reason and waits for a response by recursively querying a ets table until the value changes, or double JSON encoding). Sometime ago I almost completed rewriting fedsockets from scrach to adress these issues. However, while doing so, I realized that fedsockets are just too overkill for what they were trying to accomplish, which is reduce the overhead of federation by not signing every message. This could be done without reimplementing failure states and endpoint logic we already have with HTTP by, for example, using TLS cert auth, or switching to a more performant signature algorithm. I opened https://git.pleroma.social/pleroma/pleroma/-/issues/2262 for further discussion on alternatives to fedsockets. From discussions I had with other Pleroma developers it seems like they would approve the descision to remove them as well, therefore I am submitting this patch. | |||
| 2020-09-21 | Use an upstream for reverse proxy so future modifications are simplified | Mark Felder | |
| 2020-09-21 | Most proxy settings can be global | Mark Felder | |
| 2020-09-21 | Remove duplicate setting | Mark Felder | |
| 2020-09-21 | Add FedSockets config | Mark Felder | |
| 2020-06-12 | Update pleroma.nginx to support TLSv1.3 | normandy | |
| Based on SSL config from https://ssl-config.mozilla.org/ | |||
| 2020-03-13 | Do not strip Cache-Control headers from media. Trust the Pleroma backend. | Mark Felder | |
| 2019-09-27 | Add `remote_ip` plug | minibikini | |
| 2019-08-30 | Fix missing changes in pleroma/pleroma!1197 | kPherox | |
| 2019-06-23 | Remove sudo in the nginx config command example | rinpatch | |
| 2019-06-22 | Fix the webroot method in the nginx config | rinpatch | |
| 2019-06-21 | Fix nginx webroot method config | rinpatch | |
| 2019-05-23 | explicitly set reverse proxy upstream to IPv4 | Alfie Pates | |
| since Pleroma.Web.Endpoint binds on IPv4 only and `localhost.` resolves to [::0] on some systems fixes #930. | |||
| 2019-04-12 | Merge branch 'ssl_trusted_cert' into 'develop' | lambda | |
| ssl_trusted_certificate should point to chain.pem if we're demonstrating... See merge request pleroma/pleroma!996 | |||
| 2019-03-31 | ssl_trusted_certificate should point to chain.pem if we're demonstrating ↵ | Horsemans | |
| LetsEncrypt: https://community.letsencrypt.org/t/howto-ocsp-stapling-for-nginx/13611/5 | |||
| 2019-02-26 | need to put back ipv4 listen instruct | Kenneth Zhao | |
| 2019-02-25 | Add ipv6 handling to pleroma.nginx | PEA | |
| Replaces `listen 80` with `listen [::]:80`, same with 443 | |||
| 2019-02-09 | Recommend the acme-challenge path that is used in the installation guides | shibayashi | |
| 2019-01-10 | Fix nginx caching issues | Mark Felder | |
| Nginx is currently not caching data because proxy_buffering needs to be enabled for caching to work at all, and we are receiving a Cache-Control header from Pleroma that states "max-age=0, private, must-revalidate" Even disregarding the Cache-Control header that should actually be set to "public, max-age=1209600" as defined in the reverse_proxy code, we don't want to obey this header at all as it overrides our Nginx caching rules. | |||
| 2018-12-12 | proxy buffering still needs to be off | Mark Felder | |
| 2018-12-12 | Update proxy config to improve behavior and allow compatibility with Safari ↵ | Mark Felder | |
| on MacOS and iOS | |||
| 2018-11-30 | reverse_proxy: more headers | href | |
| 2018-11-11 | example configs: kill STS/CT headers | William Pitcock | |
| 2018-11-11 | example configs: remove obsolete CSP configuration | William Pitcock | |
| 2018-11-11 | nginx example config: remove CORS headers, now managed by CORSPlug. | William Pitcock | |
| 2018-11-06 | Merge branch 'patch-2' into 'develop' | kaniini | |
| Remove Access-Control-Allow-Origin in pleroma.nginx See merge request pleroma/pleroma!424 | |||
| 2018-11-05 | Remove Access-Control-Allow-Origin | Hakaba Hitoyo | |
| 2018-11-04 | Use example.tld so a single search and replace works | shibayashi | |
| 2018-11-03 | Use the same example domain in all config examples | shibayashi | |
| 2018-11-03 | Use the server name as variable | shibayashi | |
| 2018-09-28 | Relax form-action content security policy | barrucadu | |
| 'self' only allows forms submitted to the same origin, which breaks the "remote follow" form. To allow remote following, we want to allow forms to be submitted to any host. | |||
| 2018-08-30 | Add frame-ancestors 'none' to all configs | shibayashi | |
| 2018-08-29 | installation/pleroma.nginx: Add 'always' to the security headers, so that ↵ | shibayashi | |
| they are included regardless of the status code | |||
| 2018-08-28 | installation/pleroma.nginx: Add Content-Security-Policy | Haelwenn (lanodan) Monnier | |
| Closes: https://git.pleroma.social/pleroma/pleroma/issues/266 | |||
| 2018-06-16 | Add comment about TLS curves for older servers. | Artik Banana | |
| 2018-06-13 | * fix nginx 1.15 warning: | dex | |
| nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead | |||
| 2018-06-11 | * Removed TLSv1 and TLSv1.1 | Artik Banana | |
| * Added OCSP Stapling * Added SSL Cache * Changed ciphers * Specified ECDH curves | |||
| 2018-06-11 | Security upgrades: | Artik Banana | |
| * Removed TLSv1 and TLSv1.1 * Added OCSP Stapling * Added SSL Cache * Changed ciphers * Specified ECDH curves | |||
| 2018-05-28 | Update pleroma.nginx | Dominik V. Salonen | |
| proxy_ignore_client_abort will continue to fetch from upstream even if a client aborts the connection. This is highly recommended when cache is being used. If a client leaves/refreshes the page while a user's avatar or some other media is halfway loaded, the cached copy might in some cases be broken. Leaving future requests to the same URL broken until cache expires. | |||
| 2018-05-23 | Repair some access-control headers required for third-party webclients | Niklas Poslovski | |
| 2018-05-22 | Add access-control-expose-headers to Nginx default config | Niklas Poslovski | |
| 2018-05-06 | Added headers for a more secure default. | Artik Banana | |
| 2018-04-20 | Add info about certbot with the webroot plugin to pleroma.nginx | csaurus | |
| 2018-04-08 | Fix max upload size in nginx config. | Hector A. Escobedo | |
| The built-in nginx default does not allow users to upload images larger than 1 MB. This increases the maximum request size to match the default Pleroma config upload_limit parameter. Some helpful comments were also added. | |||
| 2018-04-01 | nginx: document how to enable CORS support | William Pitcock | |
| 2018-03-28 | Update pleroma.nginx | lambda | |
| 2018-03-08 | Update pleroma.nginx | lambda | |
 |
index : pleroma.git | |
| [no description] |
| aboutsummaryrefslogtreecommitdiff |