matrix-docker-ansible-deploy

Commit Graph

Аутор	SHA1	Порука	Датум
sakkiii	ae6caf158a	Added variable matrix_nginx_proxy_request_timeout (#1265 ) * add timeout param for nginx proxy default value matrix_nginx_proxy_request_timeout is 60s * default matrix_nginx_proxy_request_timeout - 60s * few more variables for request timeout * Update nginx.conf.j2 * Update nginx.conf.j2	пре 4 година
Michael Collins	2e30802b87	use group variables instead	пре 4 година
Michael Collins	8238d65e5f	simplify template conditional	пре 4 година
Michael Collins	bfb61e776e	GMH v0.5.7... maybe!	пре 4 година
JokerGermany	9345d840be	root path for the base domain is wrong (#1189 ) * root path for the base domain * Fix path when running in a container Co-authored-by: Slavi Pantaleev <slavi@devture.com>	пре 4 година
Michael-GMH	86e4649578	GoMatrixHosting v0.5.5	пре 4 година
Michael-GMH	03006eb5ab	GoMatrixHosting v0.5.5	пре 4 година
Slavi Pantaleev	6294e58304	Fix Content-Security-Policy for Element Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1154 According to https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy, having both a header and the `<meta>`-tag provided by Element itself is not a problem. The 2 CSP policies get combined.	пре 4 година
oxmie	5df4d68829	Make federation domain customizable	пре 4 година
sakkiii	0217644b48	Content-Security-Policy For Element Web https://github.com/vector-im/element-web#configuration-best-practices	пре 4 година
Michael-GMH	ad7bbd6442	merge upstream	пре 4 година
Slavi Pantaleev	4880dcceb0	Fix OCSP-stapling-related errors due to missing resolver Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1057	пре 4 година
Michael-GMH	6f40d78353	fix random edits to upstream	пре 4 година
Michael-GMH	85777e8f96	merge with upstream	пре 4 година
Slavi Pantaleev	1ed0857019	Fix syntax error Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1024	пре 4 година
sakkiii	4a4a7f136e	changes added to hydrogen client	пре 4 година
sakkiii	3436f9c10a	rename to matrix_nginx_proxy_hsts_preload_enabled	пре 4 година
sakkiii	df2d91970d	matrix_nginx_proxy_xss_protection	пре 4 година
Slavi Pantaleev	6f80292745	Add OCSP stapling support and other SSL optimizations to Hydrogen vhost Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1061 and https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1057	пре 4 година
Aaron Raimist	9437f78c9e	Build using custom config.json, add CSP, update to 0.1.53	пре 4 година
sakkiii	e9b878b9e9	Optimize SSL session	пре 4 година
Slavi Pantaleev	e6afa05f7b	Enable OCSP stapling for the federation port Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1057 Not sure if this is beneficial though.	пре 4 година
Slavi Pantaleev	57a6a98a50	Fix incorrect SSL certificate path Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1057	пре 4 година
sakkiii	d31b55b2a7	SSL-enabled block only	пре 4 година
Slavi Pantaleev	e4dd933cf0	Make missing /_synapse/admin correctly return 404 responses Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1058 We may try to capture such calls and return a friendlier response (HTML or JSON) saying "The Synapse Admin API is not enabled", but that may not be desirable. For now, we stick to what "upstream" recommends: "simply don't proxy these APIs", which should lead to the same kind of 404 that we have now. See here: `6660912226/docs/reverse_proxy.md (synapse-administration-endpoints)`	пре 4 година
sakkiii	c05021640d	Enable OCSP Stapling	пре 4 година
Aaron Raimist	ca361af616	Add Hydrogen	пре 4 година
Béla Becker	b10655ebb1	Jitsi XMPP Websocket support Jitsi-meet enabled websockets by default, claiming better reliability. Matrix-nginx-proxy configuration has been set up according to the Prosody documentation: https://prosody.im/doc/websocket	пре 4 година
sakkiii	40fe6bd5c1	variable matrix_nginx_proxy_hsts_preload_enable added	пре 4 година
Slavi Pantaleev	389dc26615	Fix Synapse generic worker balancing Potentially fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1022	пре 4 година
sakkiii	0ccf0fbf1c	HSTS preload + X-XSS enables HSTS Preloading: In its strongest and recommended form, the [HSTS policy](https://www.chromium.org/hsts) includes all subdomains, and indicates a willingness to be “preloaded” into browsers: `Strict-Transport-Security: max-age=31536000; includeSubDomains; preload` X-Xss-Protection: `1; mode=block` which tells the browser to block the response if it detects an attack rather than sanitising the script.	пре 4 година
sakkiii	29bba5161b	Element More security headers More Production ready nginx headers for Matrix client element.	пре 4 година
Michael-GMH	50d7209c5b	GMH v04.3	пре 4 година
Slavi Pantaleev	e00ef04b57	Add opt-out-of-FLoC headers by default	пре 4 година
teutat3s	2bf7c26cfa	Don't expose nginx version with each response	пре 4 година
sakkiii	1958d0792d	Update matrix-client-element.conf.j2	пре 4 година
sakkiii	05042f5ff1	Improve security grafana - duplicate X-Content-Type-Options - X-Frame-Options header - Referrer-Policy [Might consider adding variable] - Secure flag with cookies - matrix_grafana_content_security_policy variable for [Content Security Policy](https://grafana.com/docs/grafana/latest/administration/configuration/#content_security_policy)	пре 4 година
sakkiii	5dc642ace1	Nginx element web: XSS protection & nosniff header X-XSS-Protection: 1; mode=block; header, for basic XSS protection in legacy browsers. X-Content-Type-Options: nosniff header, to disable MIME sniffing	пре 5 година
Christoph Johannes Kleine	fcd66b2889	rename variables	пре 5 година
Christoph Johannes Kleine	3a772f2f65	matrix-nginx-proxy: add custom nginx options to nginx.conf.j2	пре 5 година
Slavi Pantaleev	9a0222fa47	Add Sygnal support Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/683	пре 5 година
Aaron Raimist	32b3650c12	Set X-Forwarded-Proto on federation requests	пре 5 година
Michael	5a6bdb0c3d	merge upstream	пре 5 година
Yannick Goossens	51e2547484	Added support for the Go-NEB bot	пре 5 година
Slavi Pantaleev	9b72384df7	Upgrade Synapse (1.28.0 -> 1.29.0)	пре 5 година
Slavi Pantaleev	f0698ee641	Do not overwrite X-Forwarded-For when reverse-proxying to Synapse We have a flow like this: 1. matrix.DOMAIN vhost (matrix-domain.conf) 2. matrix-synapse vhost (matrix-synapse.conf); or matrix-corporal container, if enabled 3. (optional) matrix-synapse vhost (matrix-synapse.conf), if matrix-corporal enabled 4. matrix-synapse container We are setting `X-Forwarded-For` correctly in step #1, but were overwriting it in step #2 with something inaccurate. Not doing anything in step #2 is better than doing the wrong thing. It's probably best if we append another reverse-proxy address there though, although what we're doing now (with this patch) seems to yield the correct result (when matrix-corporal is not enabled). When matrix-corporal is enabled, we still seem to do the wrong thing for some reason. It's something to be fixed later on.	пре 5 година
SierraKiloBravo	0de0716527	Added nginx proxy worker configuration to template and defaults	пре 5 година
Slavi Pantaleev	a25b8135b8	Fix point overlap between matrix-domain and Jitsi Mostly affects people who disable the integrated `matrix-nginx-proxy`. Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/456 and more specifically `4d62a75f6f`.	пре 5 година
Michael	33ec5710d9	0.2.1 revision	пре 5 година
Slavi Pantaleev	1ef683d366	Make nginx proxy config (when disabled) obey matrix_federation_public_port People who were disabling matrix-nginx-proxy (in favor of their own nginx webserver) and also overriding `matrix_federation_public_port`, found that the generated nginx configuration still hardcoded `8448`, which forced their nginx server to use that, regardless of the fact that `matrix_federation_public_port` was pointing elsewhere. We now allow for the in-container federation port to be configurable, and also automatically wire things properly.	пре 5 година

1 2 3

121 Комити (35153093fcd2c19ae4e758c14df70d3ba0677e31)