sakkiii 
							
						 
					 
					
						
						
							
						
						0217644b48 
					 
					
						
						
							
							Content-Security-Policy For Element Web  
						
						... 
						
						
						
						https://github.com/vector-im/element-web#configuration-best-practices  
					
						2021-06-18 23:27:23 +05:30 
						 
				 
			
				
					
						
							
							
								Slavi Pantaleev 
							
						 
					 
					
						
						
							
						
						963f38ee7b 
					 
					
						
						
							
							Upgrade certbot (v1.14.0 -> v1.16.0)  
						
						
						
						
					 
					
						2021-06-10 12:18:42 +03:00 
						 
				 
			
				
					
						
							
							
								pushytoxin 
							
						 
					 
					
						
						
							
						
						bee14550ab 
					 
					
						
						
							
							Fix local/bin scripts autocompletion by adding rx perms to everyone  
						
						... 
						
						
						
						It's mildly annoying when trying to execute these scripts while logged
in as a regular user, as the missing execute permissions will hinder
autocompletion even when trying to use with sudo.
These shell scripts don't contain secrets, but may fail when ran by a
regular user. The failure is due to the lack of access to the /matrix
directory, and does not result in any damage. 
						
						
					 
					
						2021-05-28 10:39:27 +02:00 
						 
				 
			
				
					
						
							
							
								Slavi Pantaleev 
							
						 
					 
					
						
						
							
						
						4880dcceb0 
					 
					
						
						
							
							Fix OCSP-stapling-related errors due to missing resolver  
						
						... 
						
						
						
						Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1057  
						
						
					 
					
						2021-05-28 11:14:33 +03:00 
						 
				 
			
				
					
						
							
							
								rakshazi 
							
						 
					 
					
						
						
							
						
						4ddd8bbb84 
					 
					
						
						
							
							Updated nginx-proxy (1.20.0 -> 1.21.0)  
						
						
						
						
					 
					
						2021-05-25 17:06:39 +00:00 
						 
				 
			
				
					
						
							
							
								Slavi Pantaleev 
							
						 
					 
					
						
						
							
						
						1ed0857019 
					 
					
						
						
							
							Fix syntax error  
						
						... 
						
						
						
						Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1024  
						
						
					 
					
						2021-05-25 11:45:17 +03:00 
						 
				 
			
				
					
						
							
							
								sakkiii 
							
						 
					 
					
						
						
							
						
						4a4a7f136e 
					 
					
						
						
							
							changes added to hydrogen client  
						
						
						
						
					 
					
						2021-05-25 11:42:51 +05:30 
						 
				 
			
				
					
						
							
							
								sakkiii 
							
						 
					 
					
						
						
							
						
						25e67b51d1 
					 
					
						
						
							
							Merge branch 'spantaleev:master' into master  
						
						
						
						
					 
					
						2021-05-25 11:40:56 +05:30 
						 
				 
			
				
					
						
							
							
								sakkiii 
							
						 
					 
					
						
						
							
						
						3436f9c10a 
					 
					
						
						
							
							rename to matrix_nginx_proxy_hsts_preload_enabled  
						
						
						
						
					 
					
						2021-05-25 00:56:59 +05:30 
						 
				 
			
				
					
						
							
							
								sakkiii 
							
						 
					 
					
						
						
							
						
						7cc5328ede 
					 
					
						
						
							
							Comments & Ref  
						
						
						
						
					 
					
						2021-05-24 17:20:54 +05:30 
						 
				 
			
				
					
						
							
							
								sakkiii 
							
						 
					 
					
						
						
							
						
						df2d91970d 
					 
					
						
						
							
							matrix_nginx_proxy_xss_protection  
						
						
						
						
					 
					
						2021-05-24 17:02:47 +05:30 
						 
				 
			
				
					
						
							
							
								Slavi Pantaleev 
							
						 
					 
					
						
						
							
						
						6f80292745 
					 
					
						
						
							
							Add OCSP stapling support and other SSL optimizations to Hydrogen vhost  
						
						... 
						
						
						
						Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1061 
and https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1057  
						
						
					 
					
						2021-05-21 13:40:37 +03:00 
						 
				 
			
				
					
						
							
							
								Slavi Pantaleev 
							
						 
					 
					
						
						
							
						
						d0de21ab34 
					 
					
						
						
							
							Delete Hydrogen nginx configuration file when disabled  
						
						
						
						
					 
					
						2021-05-21 12:58:32 +03:00 
						 
				 
			
				
					
						
							
							
								Aaron Raimist 
							
						 
					 
					
						
						
							
						
						04548f8df2 
					 
					
						
						
							
							Merge branch 'master' into hydrogen  
						
						
						
						
					 
					
						2021-05-21 04:09:18 -05:00 
						 
				 
			
				
					
						
							
							
								Aaron Raimist 
							
						 
					 
					
						
						
							
						
						9437f78c9e 
					 
					
						
						
							
							Build using custom config.json, add CSP, update to 0.1.53  
						
						
						
						
					 
					
						2021-05-21 03:45:21 -05:00 
						 
				 
			
				
					
						
							
							
								sakkiii 
							
						 
					 
					
						
						
							
						
						e9b878b9e9 
					 
					
						
						
							
							Optimize SSL session  
						
						
						
						
					 
					
						2021-05-18 19:39:43 +05:30 
						 
				 
			
				
					
						
							
							
								Slavi Pantaleev 
							
						 
					 
					
						
						
							
						
						e6afa05f7b 
					 
					
						
						
							
							Enable OCSP stapling for the federation port  
						
						... 
						
						
						
						Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1057 
Not sure if this is beneficial though. 
						
						
					 
					
						2021-05-18 08:15:42 +03:00 
						 
				 
			
				
					
						
							
							
								Slavi Pantaleev 
							
						 
					 
					
						
						
							
						
						57a6a98a50 
					 
					
						
						
							
							Fix incorrect SSL certificate path  
						
						... 
						
						
						
						Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1057  
						
						
					 
					
						2021-05-18 07:58:47 +03:00 
						 
				 
			
				
					
						
							
							
								Slavi Pantaleev 
							
						 
					 
					
						
						
							
						
						b9c4e8ce16 
					 
					
						
						
							
							Merge pull request  #1057  from sakkiii/ssl_staple  
						
						... 
						
						
						
						Enable OCSP Stapling 
						
						
					 
					
						2021-05-18 07:50:35 +03:00 
						 
				 
			
				
					
						
							
							
								sakkiii 
							
						 
					 
					
						
						
							
						
						d31b55b2a7 
					 
					
						
						
							
							SSL-enabled block only  
						
						
						
						
					 
					
						2021-05-18 03:24:06 +05:30 
						 
				 
			
				
					
						
							
							
								Slavi Pantaleev 
							
						 
					 
					
						
						
							
						
						e4dd933cf0 
					 
					
						
						
							
							Make missing /_synapse/admin correctly return 404 responses  
						
						... 
						
						
						
						Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1058 
We may try to capture such calls and return a friendlier response (HTML
or JSON) saying "The Synapse Admin API is not enabled", but that may not
be desirable.
For now, we stick to what "upstream" recommends: "simply
don't proxy these APIs", which should lead to the same kind of 404 that
we have now.
See here: 6660912226/docs/reverse_proxy.md (synapse-administration-endpoints) 
						
						
					 
					
						2021-05-17 11:45:35 +03:00 
						 
				 
			
				
					
						
							
							
								sakkiii 
							
						 
					 
					
						
						
							
						
						2c3da6599b 
					 
					
						
						
							
							Added warning  
						
						
						
						
					 
					
						2021-05-15 16:07:52 +05:30 
						 
				 
			
				
					
						
							
							
								sakkiii 
							
						 
					 
					
						
						
							
						
						0dd4459799 
					 
					
						
						
							
							matrix_nginx_proxy_ocsp_stapling_enabled variable added  
						
						
						
						
					 
					
						2021-05-15 16:01:49 +05:30 
						 
				 
			
				
					
						
							
							
								sakkiii 
							
						 
					 
					
						
						
							
						
						c05021640d 
					 
					
						
						
							
							Enable  OCSP Stapling  
						
						
						
						
					 
					
						2021-05-15 15:57:05 +05:30 
						 
				 
			
				
					
						
							
							
								Aaron Raimist 
							
						 
					 
					
						
						
							
						
						ca361af616 
					 
					
						
						
							
							Add Hydrogen  
						
						
						
						
					 
					
						2021-05-15 04:23:36 -05:00 
						 
				 
			
				
					
						
							
							
								sakkiii 
							
						 
					 
					
						
						
							
						
						29cf6a0087 
					 
					
						
						
							
							Merge branch 'spantaleev:master' into master  
						
						
						
						
					 
					
						2021-05-10 15:10:18 +05:30 
						 
				 
			
				
					
						
							
							
								sakkiii 
							
						 
					 
					
						
						
							
						
						bb0810302d 
					 
					
						
						
							
							Merge branch 'spantaleev:master' into master  
						
						
						
						
					 
					
						2021-05-07 23:03:55 +05:30 
						 
				 
			
				
					
						
							
							
								Béla Becker 
							
						 
					 
					
						
						
							
						
						b10655ebb1 
					 
					
						
						
							
							Jitsi XMPP Websocket support  
						
						... 
						
						
						
						Jitsi-meet enabled websockets by default, claiming better reliability.
Matrix-nginx-proxy configuration has been set up according to the
Prosody documentation: https://prosody.im/doc/websocket  
						
						
					 
					
						2021-05-05 19:10:58 +02:00 
						 
				 
			
				
					
						
							
							
								Dan Arnfield 
							
						 
					 
					
						
						
							
						
						cfaa3e598a 
					 
					
						
						
							
							Update nginx (1.19.10 -> 1.20.0)  
						
						
						
						
					 
					
						2021-05-03 16:00:11 -05:00 
						 
				 
			
				
					
						
							
							
								sakkiii 
							
						 
					 
					
						
						
							
						
						40fe6bd5c1 
					 
					
						
						
							
							variable matrix_nginx_proxy_hsts_preload_enable added  
						
						
						
						
					 
					
						2021-04-24 20:04:20 +05:30 
						 
				 
			
				
					
						
							
							
								Slavi Pantaleev 
							
						 
					 
					
						
						
							
						
						389dc26615 
					 
					
						
						
							
							Fix Synapse generic worker balancing  
						
						... 
						
						
						
						Potentially fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1022  
						
						
					 
					
						2021-04-24 11:52:45 +03:00 
						 
				 
			
				
					
						
							
							
								sakkiii 
							
						 
					 
					
						
						
							
						
						5b4fdf9b87 
					 
					
						
						
							
							Merge branch 'master' of  https://github.com/sakkiii/matrix-docker-ansible-deploy  
						
						
						
						
					 
					
						2021-04-24 12:15:34 +05:30 
						 
				 
			
				
					
						
							
							
								sakkiii 
							
						 
					 
					
						
						
							
						
						0ccf0fbf1c 
					 
					
						
						
							
							HSTS preload + X-XSS enables  
						
						... 
						
						
						
						**HSTS Preloading:**
In its strongest and recommended form, the [HSTS policy](https://www.chromium.org/hsts ) includes all subdomains, and indicates a willingness to be “preloaded” into browsers:
`Strict-Transport-Security: max-age=31536000; includeSubDomains; preload`
**X-Xss-Protection:**
`1; mode=block` which tells the browser to block the response if it detects an attack rather than sanitising the script. 
						
						
					 
					
						2021-04-24 12:12:34 +05:30 
						 
				 
			
				
					
						
							
							
								sakkiii 
							
						 
					 
					
						
						
							
						
						3564635f0f 
					 
					
						
						
							
							Merge branch 'master' into master  
						
						
						
						
					 
					
						2021-04-24 11:46:52 +05:30 
						 
				 
			
				
					
						
							
							
								sakkiii 
							
						 
					 
					
						
						
							
						
						29bba5161b 
					 
					
						
						
							
							Element More security headers  
						
						... 
						
						
						
						More Production ready nginx headers for Matrix client element. 
						
						
					 
					
						2021-04-24 11:10:40 +05:30 
						 
				 
			
				
					
						
							
							
								Slavi Pantaleev 
							
						 
					 
					
						
						
							
						
						d691cc0920 
					 
					
						
						
							
							Move variable definition a bit  
						
						
						
						
					 
					
						2021-04-21 13:59:20 +03:00 
						 
				 
			
				
					
						
							
							
								Slavi Pantaleev 
							
						 
					 
					
						
						
							
						
						e00ef04b57 
					 
					
						
						
							
							Add opt-out-of-FLoC headers by default  
						
						
						
						
					 
					
						2021-04-21 13:58:24 +03:00 
						 
				 
			
				
					
						
							
							
								Slavi Pantaleev 
							
						 
					 
					
						
						
							
						
						4a1739f604 
					 
					
						
						
							
							Merge pull request  #1007  from teutat3s/fix/nginx-dont-send-version  
						
						... 
						
						
						
						Don't expose nginx version with each response 
						
						
					 
					
						2021-04-18 21:33:11 +03:00 
						 
				 
			
				
					
						
							
							
								teutat3s 
							
						 
					 
					
						
						
							
						
						2bf7c26cfa 
					 
					
						
						
							
							Don't expose nginx version with each response  
						
						
						
						
					 
					
						2021-04-18 16:24:13 +02:00 
						 
				 
			
				
					
						
							
							
								sakkiii 
							
						 
					 
					
						
						
							
						
						1958d0792d 
					 
					
						
						
							
							Update matrix-client-element.conf.j2  
						
						
						
						
					 
					
						2021-04-17 21:33:07 +05:30 
						 
				 
			
				
					
						
							
							
								sakkiii 
							
						 
					 
					
						
						
							
						
						b6d45c5fd8 
					 
					
						
						
							
							Merge branch 'master' of  https://github.com/sakkiii/matrix-docker-ansible-deploy  
						
						
						
						
					 
					
						2021-04-17 21:03:26 +05:30 
						 
				 
			
				
					
						
							
							
								sakkiii 
							
						 
					 
					
						
						
							
						
						05042f5ff1 
					 
					
						
						
							
							Improve security grafana  
						
						... 
						
						
						
						- duplicate X-Content-Type-Options
- X-Frame-Options header
- Referrer-Policy [Might consider adding variable]
- Secure flag with cookies
- matrix_grafana_content_security_policy variable for [Content Security Policy](https://grafana.com/docs/grafana/latest/administration/configuration/#content_security_policy ) 
						
						
					 
					
						2021-04-17 21:03:05 +05:30 
						 
				 
			
				
					
						
							
							
								sakkiii 
							
						 
					 
					
						
						
							
						
						5dc642ace1 
					 
					
						
						
							
							Nginx element web: XSS protection & nosniff header  
						
						... 
						
						
						
						X-XSS-Protection: 1; mode=block; header, for basic XSS protection in legacy browsers.
X-Content-Type-Options: nosniff header, to disable MIME sniffing 
						
						
					 
					
						2021-04-16 14:45:04 +05:30 
						 
				 
			
				
					
						
							
							
								Slavi Pantaleev 
							
						 
					 
					
						
						
							
						
						c7c137df74 
					 
					
						
						
							
							Upgrade nginx and certbot  
						
						
						
						
					 
					
						2021-04-14 13:24:41 +03:00 
						 
				 
			
				
					
						
							
							
								Ahmad Haghighi 
							
						 
					 
					
						
						
							
						
						e335f3fc77 
					 
					
						
						
							
							rename matrix_global_registry to matrix_container_global_registry_prefix related to  #990  
						
						... 
						
						
						
						Signed-off-by: Ahmad Haghighi <haghighi@fedoraproject.org > 
						
						
					 
					
						2021-04-12 17:23:55 +04:30 
						 
				 
			
				
					
						
							
							
								Ahmad Haghighi 
							
						 
					 
					
						
						
							
						
						f52a8b6484 
					 
					
						
						
							
							use custom docker registry  
						
						
						
						
					 
					
						2021-04-12 17:23:55 +04:30 
						 
				 
			
				
					
						
							
							
								Christoph Johannes Kleine 
							
						 
					 
					
						
						
							
						
						fcd66b2889 
					 
					
						
						
							
							rename variables  
						
						
						
						
					 
					
						2021-03-30 16:41:32 +02:00 
						 
				 
			
				
					
						
							
							
								Christoph Johannes Kleine 
							
						 
					 
					
						
						
							
						
						8ba1105010 
					 
					
						
						
							
							rename variable  
						
						
						
						
					 
					
						2021-03-30 15:59:10 +02:00 
						 
				 
			
				
					
						
							
							
								Christoph Johannes Kleine 
							
						 
					 
					
						
						
							
						
						3a772f2f65 
					 
					
						
						
							
							matrix-nginx-proxy: add custom nginx options to nginx.conf.j2  
						
						
						
						
					 
					
						2021-03-30 14:11:20 +02:00 
						 
				 
			
				
					
						
							
							
								Dan Arnfield 
							
						 
					 
					
						
						
							
						
						97d8527e00 
					 
					
						
						
							
							Update nginx (1.19.6 -> 1.19.8)  
						
						
						
						
					 
					
						2021-03-24 09:42:08 -05:00