security/hakurei.app
security/hakurei.app
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 4 Wiki Activity
8,113 Commits 2 Branches 4 Tags
Commit Graph

272 Commits

Author SHA1 Message Date
Daniel Micay
298c357bc9 handle Let's Encrypt removing OCSP support 
We can no longer use OCSP stapling and Must-Staple. These will soon be
obsolete once the `shortlived` profile is available for public use since
it will provide certificates with a similar lifetime as OCSP responses.

In the meantime, we've moved to the `tlsserver` profile stripping legacy
features to prepare for the `shortlived` profile which will be identical
to `tlsserver` but with a validity period of 6 days.
 2025-05-04 23:46:56 -04:00
Daniel Micay
b984f3204c drop comment with minimum nginx version 2025-04-23 19:39:11 -04:00
Daniel Micay
501ee0e087 update ssl_session_ticket_key comment 2024-10-02 21:35:47 -04:00
Daniel Micay
5af1d1fd25 drop redundant comment 2024-10-02 21:27:42 -04:00
sandbank52641
d0cbf321a8 add wake locks to web installer 
Sets wake locks during long-running operations, such as downloading and
flashing the release.

Close: https://github.com/GrapheneOS/grapheneos.org/issues/837
Test: Manual
 2024-09-21 23:07:45 -04:00
Daniel Micay
0b3aaf9e4e add preload for redirect.js on features page 2024-06-28 10:47:56 -04:00
Daniel Micay
537379979b set worker_shutdown_timeout to 1 hour 2024-06-23 12:14:11 -04:00
Daniel Micay
dd09f07d45 add logging for TLS session reuse 2024-04-25 16:02:16 -04:00
Daniel Micay
15cdc9c6a7 use small fixed TCP buffer sizes for non-TLS HTTP 2024-04-25 11:29:51 -04:00
Daniel Micay
983211a7e3 replace deprecated http2 listen parameter 2024-04-24 20:03:31 -04:00
Daniel Micay
b132434929 add redirects for query parameters with static HTML 2024-04-20 13:24:43 -04:00
Daniel Micay
3aedbbdf5d remove extra space 2024-04-13 19:10:36 -04:00
Daniel Micay
886106e5b2 add grapheneos.foundation domain 2024-04-13 19:10:32 -04:00
Daniel Micay
0dbca6bc75 nginx: reset timed out HTTP(S) connections 2024-04-10 17:33:29 -04:00
Daniel Micay
fb8dce4506 include security headers for vanadium.app root 2024-04-08 17:51:25 -04:00
Daniel Micay
6cd5d9353c handle leading double slash for redirect 2024-04-06 16:45:41 -04:00
matchboxbananasynergy
fd14e3123a Redirect from /ubl to new bootloader locking FAQ section 2024-03-31 16:45:35 -04:00
matchboxbananasynergy
063287a256 add redirect from /UBL to FAQ section 2024-03-31 15:54:21 -04:00
Daniel Micay
19cc7a9097 drop legacy UTF-8 replacement character redirect 2024-03-23 10:05:31 -04:00
Daniel Micay
32b684ecec drop unnecessary quotes 2024-03-23 09:52:16 -04:00
Daniel Micay
517c9ef396 avoid regex location for webmanifest 2024-03-22 20:45:51 -04:00
Daniel Micay
fa6725b935 drop legacy twipu redirects 2024-03-22 19:47:08 -04:00
Daniel Micay
47c93808a7 add limited cache time for vanadium.app redirect 2024-03-20 21:08:01 -04:00
Daniel Micay
26bfd66fe1 add another comment for working around nginx bug 2024-03-20 21:07:21 -04:00
Daniel Micay
26d90ef5d6 stop redirecting the entire vanadium.app domain 2024-03-20 20:52:36 -04:00
Daniel Micay
5b4912b289 disable keepalive by default 
No need for keepalive for the internal socket.
 2024-03-20 19:22:02 -04:00
Daniel Micay
65e1272640 nginx: double per-worker connection and file limit 2024-03-18 17:39:10 -04:00
Daniel Micay
9e1c1a731f add redirect for community rules forum thread 2024-03-12 02:57:34 -04:00
Daniel Micay
eb594178ae replace placeholder Vanadium redirect 2024-02-24 21:32:12 -05:00
Daniel Micay
8ae0f54a9c add redirect.js preload to servers page 2024-02-24 15:39:59 -05:00
Daniel Micay
dda0ad5996 sort preload URIs 2024-02-24 15:39:15 -05:00
Orazio
8ba2118a2a fix redirect to eSIM support 2024-01-31 14:34:50 -05:00
dd-dreams
7da8c03156 add redirect to new section 2024-01-30 13:52:11 -05:00
Daniel Micay
6fbd66ddfa use 301 redirect with 1 day caching for Discord 
There are scenarios where we may have to change the URL so the default
301 behavior is inappropriate but this will work fine.
 2023-12-25 10:56:27 -05:00
Daniel Micay
02a97dd883 use long form Discord link 
https://discord.gg/grapheneos is a 301 redirect to
https://discord.com/invite/grapheneos so it makes sense to use the long
form to avoid a redirect.
 2023-12-24 02:32:57 -05:00
Daniel Micay
bbe5e44924 use custom invite link for Discord 2023-12-21 12:17:18 -05:00
Daniel Micay
82a514a5e3 add discord redirect 2023-11-22 20:36:43 -05:00
Daniel Micay
c748d7e960 simplify nginx configuration deployment 2023-07-15 17:56:13 -04:00
smdyv
4430036ea2 Change string markings for replacements 2023-07-13 16:08:16 -04:00
Daniel Micay
fafee3dcbc drop legacy block-all-mixed-content 2023-07-11 11:23:57 -04:00
Daniel Micay
bfdffb6751 block WebRTC in Content Security Policy 2023-07-10 23:04:29 -04:00
Daniel Micay
74b26bbba5 use new OCSP cache path 2023-07-09 18:34:22 -04:00
Daniel Micay
7bf9b26716 drop legacy info on APEX components 2023-06-27 22:49:40 -04:00
Daniel Micay
8972cabb0f move mta-sts to mail server 2023-06-21 14:57:31 -04:00
Daniel Micay
0982a9df80 move mta-sts.mail.grapheneos.org to mail server 2023-06-21 13:52:02 -04:00
Daniel Micay
a93b9da909 remove obsolete redirect 2023-06-06 14:10:39 -04:00
Daniel Micay
1775719fb3 avoid configuration warning with nginx 1.24.0 2023-05-23 18:02:49 -04:00
Daniel Micay
acdae9b362 add missing include for Matrix server delegation 2023-05-13 16:41:28 -04:00
Daniel Micay
6251dc371d consistent whitespace style 2023-05-05 14:45:11 -04:00
Daniel Micay
8f2b158041 drop configuration to clear legacy push cookie 2023-03-24 18:46:50 -04:00