security/hakurei.app
security/hakurei.app
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 4 Wiki Activity
1,426 Commits 2 Branches 4 Tags
Commit Graph

65 Commits

Author SHA1 Message Date
Daniel Micay
dd9df36c79 lower large_client_header_buffers to match HTTP/2 2020-12-05 15:05:13 -05:00
Daniel Micay
7d5cea6e5d lower max body size to 1k 2020-12-03 11:17:21 -05:00
Daniel Micay
4c20508727 set client_body_buffer_size appropriately 2020-12-03 11:11:11 -05:00
Daniel Micay
85fb45cda3 move cipher configuration 2020-12-03 10:16:38 -05:00
Daniel Micay
52dcbd7595 use id to style site menu 2020-12-02 18:02:03 -05:00
Daniel Micay
ea1f59da7d use aria-current="page" instead of custom class 2020-12-02 17:54:07 -05:00
Daniel Micay
abc83cbed6 generate atom feed for releases 2020-12-02 12:51:22 -05:00
Daniel Micay
97520ea9ec consistent cipher order for TLS 1.2 and TLS 1.3 2020-12-02 07:33:51 -05:00
Daniel Micay
41547b0e40 remove unused RSA cipher configuration 2020-12-02 07:09:15 -05:00
Daniel Micay
7310432456 explicitly set http2_recv_timeout 2020-11-30 13:26:54 -05:00
Daniel Micay
5c27fd7b93 enable gzip for proxied requests 2020-11-25 07:22:10 -05:00
Daniel Micay
f195b74410 enforce an initial HTTP connection limit per IP 2020-11-24 07:58:02 -05:00
Daniel Micay
6bad648347 cut receive/send timeouts from 60s to 30s 2020-11-24 06:32:28 -05:00
Daniel Micay
08d95c92fa lower client_max_body_size to 4k 2020-11-24 04:24:55 -05:00
Daniel Micay
b336f664ad increase maximum connections 2020-11-24 01:57:20 -05:00
Daniel Micay
90dbec696e nginx: enable access_log buffering 2020-11-23 13:54:50 -05:00
Daniel Micay
69bfee6e20 use $host for multi-subdomain redirect 2020-11-17 16:36:05 -05:00
Daniel Micay
527dac5802 globally disable dynamic gzip compression 2020-11-14 04:38:54 -05:00
Daniel Micay
dbee9a704c move TLS configuration into nginx.conf 2020-11-14 04:23:19 -05:00
Daniel Micay
68b323b8d5 add full nginx configuration 2020-11-14 03:58:21 -05:00
Daniel Micay
e07539f627 update Roboto Mono fonts 2020-11-07 13:10:32 -05:00
Daniel Micay
012a527abd add our response to Copperhead's baseless lawsuit 2020-11-05 15:24:59 -05:00
Daniel Micay
edf73acc08 add Global Privacy Control metadata 2020-11-02 13:37:04 -05:00
Daniel Micay
571f8d40a0 use bitcoin: URI in QR code 2020-11-01 15:04:23 -05:00
Daniel Micay
f69579e757 nginx: update HTTP/2 push configuration 2020-10-31 11:06:06 -04:00
Daniel Micay
d03e7c28b4 add require-trusted-types-for 'script' to CSP 2020-10-27 04:44:58 -04:00
Daniel Micay
e806721d7c add COOP / COEP headers 2020-10-27 04:20:17 -04:00
Daniel Micay
701ed6f301 add Permissions-Policy header 2020-10-03 20:53:38 -04:00
Daniel Micay
99b4037444 disable unused publickey-credentials-get feature 2020-09-27 19:10:27 -04:00
Daniel Micay
f59b4f2310 remove unused Feature-Policy speaker directive 2020-09-27 19:07:05 -04:00
Daniel Micay
c0f510be06 handle Feature-Policy standard renaming wake-lock 2020-09-27 18:54:00 -04:00
Daniel Micay
6d04912ef7 drop (unfortunately) obsolete HPKP support 2020-09-27 16:12:11 -04:00
Daniel Micay
4742817919 disable dynamic gzip when using full static gzip 2020-09-26 12:12:09 -04:00
Daniel Micay
27b24277e1 drop usage of report-uri for Expect-CT and CSP 
This has proven to be unhelpful and we don't need this kind of reporting
with the simplicity of the site and policies.
 2020-07-22 18:41:59 -04:00
Daniel Micay
48d0d85e0c split out connectivitycheck server 2020-07-07 08:51:36 -04:00
Daniel Micay
e119063909 use location block for index redirect 2020-05-14 10:42:24 -04:00
Daniel Micay
a91b23c5da site with broken backlinks supports https now 2020-05-08 06:57:53 -04:00
Daniel Micay
710a026550 nginx: reorder location blocks 2020-05-08 06:55:44 -04:00
Daniel Micay
299c79234d add back workaround for broken backlinks 2020-05-08 06:07:48 -04:00
Daniel Micay
52ef603d59 redirect some mangled backlinks 2020-05-06 18:06:16 -04:00
Daniel Micay
16532c8e20 push CSS for error pages too 2020-04-24 12:54:19 -04:00
Daniel Micay
5f900a3059 make /404 internal too 2020-04-24 11:18:32 -04:00
Daniel Micay
56599f8277 replace 403 errors with 404 errors 2020-04-24 11:18:11 -04:00
Daniel Micay
ddaf5ded8f add initial custom 404 page 2020-04-24 11:18:09 -04:00
Daniel Micay
2343434d83 stop pinning IdenTrust root that's on the way out 2020-04-19 19:20:43 -04:00
Daniel Micay
5a5127845a nginx: mark static brotli files as internal too 2020-04-19 08:28:47 -04:00
Daniel Micay
99f3f8637e nginx: mark static gzip files as internal 2020-04-19 08:28:42 -04:00
Daniel Micay
539b97e347 remove try_files usage for txt/xml 2020-04-18 23:16:49 -04:00
Daniel Micay
abf3087ae6 add mta-sts.mail.grapheneos.org 2020-04-15 18:17:32 -04:00
Daniel Micay
eb1566f6a1 switch HPKP backup pins 2020-04-07 14:39:56 -04:00