338 Commits

Author SHA1 Message Date
Daniel Micay
701ed6f301 add Permissions-Policy header 2020-10-03 20:53:38 -04:00
Daniel Micay
99b4037444 disable unused publickey-credentials-get feature 2020-09-27 19:10:27 -04:00
Daniel Micay
f59b4f2310 remove unused Feature-Policy speaker directive 2020-09-27 19:07:05 -04:00
Daniel Micay
c0f510be06 handle Feature-Policy standard renaming wake-lock 2020-09-27 18:54:00 -04:00
Daniel Micay
6d04912ef7 drop (unfortunately) obsolete HPKP support 2020-09-27 16:12:11 -04:00
Daniel Micay
4742817919 disable dynamic gzip when using full static gzip 2020-09-26 12:12:09 -04:00
Daniel Micay
27b24277e1 drop usage of report-uri for Expect-CT and CSP
This has proven to be unhelpful and we don't need this kind of reporting
with the simplicity of the site and policies.
2020-07-22 18:41:59 -04:00
Daniel Micay
48d0d85e0c split out connectivitycheck server 2020-07-07 08:51:36 -04:00
Daniel Micay
e119063909 use location block for index redirect 2020-05-14 10:42:24 -04:00
Daniel Micay
a91b23c5da site with broken backlinks supports https now 2020-05-08 06:57:53 -04:00
Daniel Micay
710a026550 nginx: reorder location blocks 2020-05-08 06:55:44 -04:00
Daniel Micay
299c79234d add back workaround for broken backlinks 2020-05-08 06:07:48 -04:00
Daniel Micay
52ef603d59 redirect some mangled backlinks 2020-05-06 18:06:16 -04:00
Daniel Micay
16532c8e20 push CSS for error pages too 2020-04-24 12:54:19 -04:00
Daniel Micay
5f900a3059 make /404 internal too 2020-04-24 11:18:32 -04:00
Daniel Micay
56599f8277 replace 403 errors with 404 errors 2020-04-24 11:18:11 -04:00
Daniel Micay
ddaf5ded8f add initial custom 404 page 2020-04-24 11:18:09 -04:00
Daniel Micay
2343434d83 stop pinning IdenTrust root that's on the way out 2020-04-19 19:20:43 -04:00
Daniel Micay
5a5127845a nginx: mark static brotli files as internal too 2020-04-19 08:28:47 -04:00
Daniel Micay
99f3f8637e nginx: mark static gzip files as internal 2020-04-19 08:28:42 -04:00
Daniel Micay
539b97e347 remove try_files usage for txt/xml 2020-04-18 23:16:49 -04:00
Daniel Micay
abf3087ae6 add mta-sts.mail.grapheneos.org 2020-04-15 18:17:32 -04:00
Daniel Micay
eb1566f6a1 switch HPKP backup pins 2020-04-07 14:39:56 -04:00
Daniel Micay
ef179138fa certbot-ocsp-fetcher for reliable OCSP stapling 2020-04-05 04:13:05 -04:00
Daniel Micay
0f6e927908 use HTTP/2 server push for render blocking CSS 2020-04-03 05:11:15 -04:00
Daniel Micay
d7c4cc9127 fix typo 2020-04-02 14:32:00 -04:00
Daniel Micay
c77c3b1c1c add security headers for www redirect over HTTPS 2020-04-02 11:54:41 -04:00
Daniel Micay
9b99a3d8d9 add HTTP /generate_204 endpoint 2020-04-02 04:23:15 -04:00
Daniel Micay
3e4ee0cb28 move nginx https setup into a snippet 2020-04-01 10:30:30 -04:00
Daniel Micay
ba080193c8 reorganize nginx configuration 2020-04-01 10:28:54 -04:00
Daniel Micay
fcb0d84373 split out virtual server for www subdomain 2020-04-01 10:06:05 -04:00
Daniel Micay
bab50f098f split out virtual server for /generate_204 service 2020-04-01 09:55:13 -04:00
Daniel Micay
4590363b85 reorganize nginx configuration 2020-04-01 09:50:35 -04:00
Daniel Micay
3bb6e98151 use a default location block 2020-04-01 09:46:27 -04:00
Daniel Micay
5a923bd1bb remove obsolete HPKP report-uri URL 2020-04-01 08:47:16 -04:00
Daniel Micay
2178ea6f47 set charset 2020-04-01 05:32:39 -04:00
Daniel Micay
020f32ce73 use static gzip 2020-04-01 04:20:47 -04:00
Daniel Micay
9c1ebdd0d8 add nginx configuration 2020-04-01 03:12:09 -04:00