Daniel Micay
|
b2e4477300
|
nginx: raise open file limit
|
2021-04-25 18:49:52 -04:00 |
|
Daniel Micay
|
f66cae5a86
|
reduce reliance on try_files (inefficient)
|
2021-04-25 17:44:21 -04:00 |
|
Daniel Micay
|
36e63fcbef
|
raise keepalive_timeout to prior HTTP/2 value
|
2021-04-23 20:49:08 -04:00 |
|
Daniel Micay
|
f3320a54d1
|
prefer ChaCha20 for clients without hardware AES
|
2021-04-23 16:31:17 -04:00 |
|
Daniel Micay
|
59cbca7083
|
update nginx configuration for 1.20.0
|
2021-04-23 15:54:16 -04:00 |
|
Daniel Micay
|
e4fcd76ece
|
use 429 response code for conn limit
|
2021-04-19 15:43:41 -04:00 |
|
Daniel Micay
|
5e83027d04
|
disable unused Clipboard API features
|
2021-04-18 00:49:50 -04:00 |
|
Daniel Micay
|
1f027a3fce
|
disable unused hid (WebHID API) feature
|
2021-04-18 00:40:47 -04:00 |
|
Daniel Micay
|
380e34f435
|
disable unused serial (Web Serial API) feature
|
2021-04-18 00:37:16 -04:00 |
|
Daniel Micay
|
3584a627f8
|
disable interest-cohort feature
|
2021-04-18 00:34:46 -04:00 |
|
Daniel Micay
|
8a392845a7
|
add missing qualifier for CORP header setting
|
2021-04-17 04:55:49 -04:00 |
|
Daniel Micay
|
d89ba6bbcf
|
redirect mangled backlinks to /usage#updates
|
2021-04-17 04:21:36 -04:00 |
|
Daniel Micay
|
2efda9f4da
|
redirect broken backlink to /faq
|
2021-04-17 04:18:24 -04:00 |
|
Daniel Micay
|
aff5f4def1
|
disable obsolete msie_padding feature
|
2021-04-17 03:57:32 -04:00 |
|
Daniel Micay
|
6d4a724f80
|
nginx: limit sendfile chunk size
|
2021-04-17 01:47:33 -04:00 |
|
Daniel Micay
|
c812d96b51
|
set keepalive_requests to match nginx mainline
|
2021-04-16 23:56:39 -04:00 |
|
Daniel Micay
|
6aeda1a29e
|
nginx: remove redundant tcp_nodelay option
|
2021-04-16 13:34:00 -04:00 |
|
Daniel Micay
|
2632df2a2f
|
remove obsolete mask icon redirects
|
2021-04-16 08:42:48 -04:00 |
|
Daniel Micay
|
39c0b55422
|
finish setting up CORP headers and document issues
|
2021-04-15 04:37:25 -04:00 |
|
Daniel Micay
|
56d73685e3
|
avoid breaking image hotlinking for now
|
2021-04-15 04:23:34 -04:00 |
|
Daniel Micay
|
e7f6cff9c2
|
remove legacy mstile redirects
|
2021-04-15 03:23:50 -04:00 |
|
Daniel Micay
|
682c078830
|
simplify error page configuration
|
2021-04-14 23:41:03 -04:00 |
|
Daniel Micay
|
d069da17c8
|
set CORP header for error responses too
|
2021-04-14 23:30:01 -04:00 |
|
Daniel Micay
|
c7d1bdce2e
|
expand same-origin CORP header usage
|
2021-04-14 23:08:44 -04:00 |
|
Daniel Micay
|
2f61719328
|
mark js/mjs as immutable too
|
2021-04-11 23:28:04 -04:00 |
|
Daniel Micay
|
42c521e38b
|
expand same-origin CORP header usage
|
2021-03-31 14:50:36 -04:00 |
|
Daniel Micay
|
150b04c601
|
start deploying same-origin CORP conservatively
|
2021-03-30 13:17:46 -04:00 |
|
Daniel Micay
|
43949eb637
|
move static site root to /srv
|
2021-03-30 10:58:04 -04:00 |
|
Daniel Micay
|
19f1f9b700
|
move mta-sts data to /srv
|
2021-03-29 17:08:02 -04:00 |
|
Daniel Micay
|
ba1047b121
|
set immutable for woff2 cache headers
|
2021-03-27 09:05:58 -04:00 |
|
Daniel Micay
|
54845bd077
|
update naming for Roboto fonts
|
2021-03-27 09:02:36 -04:00 |
|
Daniel Micay
|
c3cd0bf24a
|
set immutable for CSS cache header
|
2021-03-26 21:25:30 -04:00 |
|
Daniel Micay
|
342a31c06c
|
automate CSS/JS cache busting
|
2021-03-26 21:03:34 -04:00 |
|
Daniel Micay
|
6160770d00
|
force cache revalidation for (unversioned) html
|
2021-03-26 19:32:22 -04:00 |
|
Daniel Micay
|
3cfe562892
|
enforce strict Trusted Types without policies
|
2021-03-26 13:44:32 -04:00 |
|
Daniel Micay
|
a0d93f3375
|
explicitly set SameSite for preload session cookie
|
2021-03-23 10:46:50 -04:00 |
|
Daniel Micay
|
a3b9058e10
|
work around legacy CSP handling by AV/extensions
|
2021-03-21 11:21:28 -04:00 |
|
Daniel Micay
|
aae0ac8edf
|
replace legacy /install redirect
|
2021-03-06 22:38:39 -05:00 |
|
Daniel Micay
|
d12871ad4a
|
add grapheneos.ovh domain
|
2021-03-01 11:48:03 -05:00 |
|
Daniel Micay
|
0ebc070231
|
fix redirect of mangled backlinks
|
2021-02-23 22:32:03 -05:00 |
|
Daniel Micay
|
038af56748
|
add svg logo to initial preload/push
|
2021-02-20 12:27:19 -05:00 |
|
Daniel Micay
|
f298ee4b2b
|
use once per session preload / push
|
2021-02-15 04:23:56 -05:00 |
|
Daniel Micay
|
ba302d9f86
|
use a single Link header for preloading
|
2021-02-15 03:41:54 -05:00 |
|
Daniel Micay
|
0c006f9afd
|
add preload headers for core fonts
|
2021-02-15 03:25:22 -05:00 |
|
Daniel Micay
|
08affd9558
|
make redirects more robust
|
2021-02-15 02:27:42 -05:00 |
|
Daniel Micay
|
e5fd95c5ff
|
use relative include for security headers
|
2021-02-14 09:29:59 -05:00 |
|
Daniel Micay
|
796bb82e8f
|
fix broken double slash redirect
nginx doesn't sanitize input to statements like return.
|
2021-02-14 09:19:04 -05:00 |
|
Daniel Micay
|
997f062ac6
|
add brotli static configuration
|
2021-02-14 00:45:30 -05:00 |
|
Daniel Micay
|
87e5622def
|
switch to nginx user
|
2021-02-14 00:44:46 -05:00 |
|
Daniel Micay
|
2c3b0f28c0
|
add redirects to handle reversed order for install
|
2021-01-27 20:55:52 -05:00 |
|