Michael-GMH 
							
						 
					 
					
						
						
							
						
						6f40d78353 
					 
					
						
						
							
							fix random edits to upstream  
						
						
						
						
					 
					
						2021-05-25 21:25:40 +08:00 
						 
				 
			
				
					
						
							
							
								Michael-GMH 
							
						 
					 
					
						
						
							
						
						ea6e344d05 
					 
					
						
						
							
							merge upstream  
						
						
						
						
					 
					
						2021-05-25 21:10:34 +08:00 
						 
				 
			
				
					
						
							
							
								Michael-GMH 
							
						 
					 
					
						
						
							
						
						85777e8f96 
					 
					
						
						
							
							merge with upstream  
						
						
						
						
					 
					
						2021-05-25 21:08:00 +08:00 
						 
				 
			
				
					
						
							
							
								Slavi Pantaleev 
							
						 
					 
					
						
						
							
						
						1ed0857019 
					 
					
						
						
							
							Fix syntax error  
						
						
						
						
						Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1024  
						
						
					 
					
						2021-05-25 11:45:17 +03:00 
						 
				 
			
				
					
						
							
							
								sakkiii 
							
						 
					 
					
						
						
							
						
						4a4a7f136e 
					 
					
						
						
							
							changes added to hydrogen client  
						
						
						
						
					 
					
						2021-05-25 11:42:51 +05:30 
						 
				 
			
				
					
						
							
							
								sakkiii 
							
						 
					 
					
						
						
							
						
						25e67b51d1 
					 
					
						
						
							
							Merge branch 'spantaleev:master' into master  
						
						
						
						
					 
					
						2021-05-25 11:40:56 +05:30 
						 
				 
			
				
					
						
							
							
								sakkiii 
							
						 
					 
					
						
						
							
						
						3436f9c10a 
					 
					
						
						
							
							rename to matrix_nginx_proxy_hsts_preload_enabled  
						
						
						
						
					 
					
						2021-05-25 00:56:59 +05:30 
						 
				 
			
				
					
						
							
							
								sakkiii 
							
						 
					 
					
						
						
							
						
						df2d91970d 
					 
					
						
						
							
							matrix_nginx_proxy_xss_protection  
						
						
						
						
					 
					
						2021-05-24 17:02:47 +05:30 
						 
				 
			
				
					
						
							
							
								Slavi Pantaleev 
							
						 
					 
					
						
						
							
						
						6f80292745 
					 
					
						
						
							
							Add OCSP stapling support and other SSL optimizations to Hydrogen vhost  
						
						
						
						
						Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1061 
and https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1057  
						
						
					 
					
						2021-05-21 13:40:37 +03:00 
						 
				 
			
				
					
						
							
							
								Aaron Raimist 
							
						 
					 
					
						
						
							
						
						04548f8df2 
					 
					
						
						
							
							Merge branch 'master' into hydrogen  
						
						
						
						
					 
					
						2021-05-21 04:09:18 -05:00 
						 
				 
			
				
					
						
							
							
								Aaron Raimist 
							
						 
					 
					
						
						
							
						
						9437f78c9e 
					 
					
						
						
							
							Build using custom config.json, add CSP, update to 0.1.53  
						
						
						
						
					 
					
						2021-05-21 03:45:21 -05:00 
						 
				 
			
				
					
						
							
							
								sakkiii 
							
						 
					 
					
						
						
							
						
						e9b878b9e9 
					 
					
						
						
							
							Optimize SSL session  
						
						
						
						
					 
					
						2021-05-18 19:39:43 +05:30 
						 
				 
			
				
					
						
							
							
								Slavi Pantaleev 
							
						 
					 
					
						
						
							
						
						e6afa05f7b 
					 
					
						
						
							
							Enable OCSP stapling for the federation port  
						
						
						
						
						Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1057 
Not sure if this is beneficial though. 
						
						
					 
					
						2021-05-18 08:15:42 +03:00 
						 
				 
			
				
					
						
							
							
								Slavi Pantaleev 
							
						 
					 
					
						
						
							
						
						57a6a98a50 
					 
					
						
						
							
							Fix incorrect SSL certificate path  
						
						
						
						
						Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1057  
						
						
					 
					
						2021-05-18 07:58:47 +03:00 
						 
				 
			
				
					
						
							
							
								Slavi Pantaleev 
							
						 
					 
					
						
						
							
						
						b9c4e8ce16 
					 
					
						
						
							
							Merge pull request #1057 from sakkiii/ssl_staple
						
						
						
						
						Enable OCSP Stapling 
						
						
					 
					
						2021-05-18 07:50:35 +03:00 
						 
				 
			
				
					
						
							
							
								sakkiii 
							
						 
					 
					
						
						
							
						
						d31b55b2a7 
					 
					
						
						
							
							SSL-enabled block only  
						
						
						
						
					 
					
						2021-05-18 03:24:06 +05:30 
						 
				 
			
				
					
						
							
							
								Slavi Pantaleev 
							
						 
					 
					
						
						
							
						
						e4dd933cf0 
					 
					
						
						
							
							Make missing /_synapse/admin correctly return 404 responses  
						
						
						
						
						Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1058 
We may try to capture such calls and return a friendlier response (HTML
or JSON) saying "The Synapse Admin API is not enabled", but that may not
be desirable.
For now, we stick to what "upstream" recommends: "simply
don't proxy these APIs", which should lead to the same kind of 404 that
we have now.
See here: 6660912226/docs/reverse_proxy.md (synapse-administration-endpoints) 
						
						
					 
					
						2021-05-17 11:45:35 +03:00 
						 
				 
			
				
					
						
							
							
								sakkiii 
							
						 
					 
					
						
						
							
						
						c05021640d 
					 
					
						
						
							
							Enable OCSP Stapling
						
						
						
						
					 
					
						2021-05-15 15:57:05 +05:30 
						 
				 
			
				
					
						
							
							
								Aaron Raimist 
							
						 
					 
					
						
						
							
						
						ca361af616 
					 
					
						
						
							
							Add Hydrogen  
						
						
						
						
					 
					
						2021-05-15 04:23:36 -05:00 
						 
				 
			
				
					
						
							
							
								sakkiii 
							
						 
					 
					
						
						
							
						
						29cf6a0087 
					 
					
						
						
							
							Merge branch 'spantaleev:master' into master  
						
						
						
						
					 
					
						2021-05-10 15:10:18 +05:30 
						 
				 
			
				
					
						
							
							
								sakkiii 
							
						 
					 
					
						
						
							
						
						bb0810302d 
					 
					
						
						
							
							Merge branch 'spantaleev:master' into master  
						
						
						
						
					 
					
						2021-05-07 23:03:55 +05:30 
						 
				 
			
				
					
						
							
							
								Béla Becker 
							
						 
					 
					
						
						
							
						
						b10655ebb1 
					 
					
						
						
							
							Jitsi XMPP Websocket support  
						
						
						
						
						Jitsi-meet enabled websockets by default, claiming better reliability.
Matrix-nginx-proxy configuration has been set up according to the
Prosody documentation: https://prosody.im/doc/websocket  
						
						
					 
					
						2021-05-05 19:10:58 +02:00 
						 
				 
			
				
					
						
							
							
								sakkiii 
							
						 
					 
					
						
						
							
						
						40fe6bd5c1 
					 
					
						
						
							
							variable matrix_nginx_proxy_hsts_preload_enable added  
						
						
						
						
					 
					
						2021-04-24 20:04:20 +05:30 
						 
				 
			
				
					
						
							
							
								Slavi Pantaleev 
							
						 
					 
					
						
						
							
						
						389dc26615 
					 
					
						
						
							
							Fix Synapse generic worker balancing  
						
						
						
						
						Potentially fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1022  
						
						
					 
					
						2021-04-24 11:52:45 +03:00 
						 
				 
			
				
					
						
							
							
								sakkiii 
							
						 
					 
					
						
						
							
						
						5b4fdf9b87 
					 
					
						
						
							
							Merge branch 'master' of https://github.com/sakkiii/matrix-docker-ansible-deploy
						
						
						
						
					 
					
						2021-04-24 12:15:34 +05:30 
						 
				 
			
				
					
						
							
							
								sakkiii 
							
						 
					 
					
						
						
							
						
						0ccf0fbf1c 
					 
					
						
						
							
							HSTS preload + X-XSS enables  
						
						
						
						
						**HSTS Preloading:**
In its strongest and recommended form, the [HSTS policy](https://www.chromium.org/hsts) includes all subdomains, and indicates a willingness to be “preloaded” into browsers:
`Strict-Transport-Security: max-age=31536000; includeSubDomains; preload`
**X-Xss-Protection:**
`1; mode=block` which tells the browser to block the response if it detects an attack rather than sanitising the script. 
						
						
					 
					
						2021-04-24 12:12:34 +05:30 
						 
				 
			
				
					
						
							
							
								sakkiii 
							
						 
					 
					
						
						
							
						
						3564635f0f 
					 
					
						
						
							
							Merge branch 'master' into master  
						
						
						
						
					 
					
						2021-04-24 11:46:52 +05:30 
						 
				 
			
				
					
						
							
							
								sakkiii 
							
						 
					 
					
						
						
							
						
						29bba5161b 
					 
					
						
						
							
							Element More security headers  
						
						
						
						
						More Production ready nginx headers for Matrix client element. 
						
						
					 
					
						2021-04-24 11:10:40 +05:30 
						 
				 
			
				
					
						
							
							
								Slavi Pantaleev 
							
						 
					 
					
						
						
							
						
						e00ef04b57 
					 
					
						
						
							
							Add opt-out-of-FLoC headers by default  
						
						
						
						
					 
					
						2021-04-21 13:58:24 +03:00 
						 
				 
			
				
					
						
							
							
								Slavi Pantaleev 
							
						 
					 
					
						
						
							
						
						4a1739f604 
					 
					
						
						
							
							Merge pull request #1007 from teutat3s/fix/nginx-dont-send-version
						
						
						
						
						Don't expose nginx version with each response 
						
						
					 
					
						2021-04-18 21:33:11 +03:00 
						 
				 
			
				
					
						
							
							
								teutat3s 
							
						 
					 
					
						
						
							
						
						2bf7c26cfa 
					 
					
						
						
							
							Don't expose nginx version with each response  
						
						
						
						
					 
					
						2021-04-18 16:24:13 +02:00 
						 
				 
			
				
					
						
							
							
								sakkiii 
							
						 
					 
					
						
						
							
						
						1958d0792d 
					 
					
						
						
							
							Update matrix-client-element.conf.j2  
						
						
						
						
					 
					
						2021-04-17 21:33:07 +05:30 
						 
				 
			
				
					
						
							
							
								sakkiii 
							
						 
					 
					
						
						
							
						
						b6d45c5fd8 
					 
					
						
						
							
							Merge branch 'master' of https://github.com/sakkiii/matrix-docker-ansible-deploy
						
						
						
						
					 
					
						2021-04-17 21:03:26 +05:30 
						 
				 
			
				
					
						
							
							
								sakkiii 
							
						 
					 
					
						
						
							
						
						05042f5ff1 
					 
					
						
						
							
							Improve security grafana  
						
						
						
						
						- duplicate X-Content-Type-Options
- X-Frame-Options header
- Referrer-Policy [Might consider adding variable]
- Secure flag with cookies
- matrix_grafana_content_security_policy variable for [Content Security Policy](https://grafana.com/docs/grafana/latest/administration/configuration/#content_security_policy)
						
						
					 
					
						2021-04-17 21:03:05 +05:30 
						 
				 
			
				
					
						
							
							
								sakkiii 
							
						 
					 
					
						
						
							
						
						5dc642ace1 
					 
					
						
						
							
							Nginx element web: XSS protection & nosniff header  
						
						
						
						
						X-XSS-Protection: 1; mode=block; header, for basic XSS protection in legacy browsers.
X-Content-Type-Options: nosniff header, to disable MIME sniffing 
						
						
					 
					
						2021-04-16 14:45:04 +05:30 
						 
				 
			
				
					
						
							
							
								Christoph Johannes Kleine 
							
						 
					 
					
						
						
							
						
						fcd66b2889 
					 
					
						
						
							
							rename variables  
						
						
						
						
					 
					
						2021-03-30 16:41:32 +02:00 
						 
				 
			
				
					
						
							
							
								Christoph Johannes Kleine 
							
						 
					 
					
						
						
							
						
						3a772f2f65 
					 
					
						
						
							
							matrix-nginx-proxy: add custom nginx options to nginx.conf.j2  
						
						
						
						
					 
					
						2021-03-30 14:11:20 +02:00 
						 
				 
			
				
					
						
							
							
								Slavi Pantaleev 
							
						 
					 
					
						
						
							
						
						9a0222fa47 
					 
					
						
						
							
							Add Sygnal support  
						
						
						
						
						Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/683  
						
						
					 
					
						2021-03-20 13:32:22 +02:00 
						 
				 
			
				
					
						
							
							
								Aaron Raimist 
							
						 
					 
					
						
						
							
						
						32b3650c12 
					 
					
						
						
							
							Set X-Forwarded-Proto on federation requests  
						
						
						
						
					 
					
						2021-03-17 18:51:10 -05:00 
						 
				 
			
				
					
						
							
							
								Slavi Pantaleev 
							
						 
					 
					
						
						
							
						
						011e95c1d2 
					 
					
						
						
							
							Merge pull request #893 from GoMatrixHosting/master
						
						
						
						
						matrix-awx - the GoMatrixHosting v0.3.0 initial PR 
						
						
					 
					
						2021-03-16 08:40:15 +02:00 
						 
				 
			
				
					
						
							
							
								Yannick Goossens 
							
						 
					 
					
						
						
							
						
						51e2547484 
					 
					
						
						
							
							Added support for the Go-NEB bot  
						
						
						
						
					 
					
						2021-03-11 19:23:01 +01:00 
						 
				 
			
				
					
						
							
							
								Slavi Pantaleev 
							
						 
					 
					
						
						
							
						
						9b72384df7 
					 
					
						
						
							
							Upgrade Synapse (1.28.0 -> 1.29.0)  
						
						
						
						
					 
					
						2021-03-08 17:24:09 +02:00 
						 
				 
			
				
					
						
							
							
								Slavi Pantaleev 
							
						 
					 
					
						
						
							
						
						f0698ee641 
					 
					
						
						
							
							Do not overwrite X-Forwarded-For when reverse-proxying to Synapse  
						
						
						
						
						We have a flow like this:
1. matrix.DOMAIN vhost (matrix-domain.conf)
2. matrix-synapse vhost (matrix-synapse.conf); or matrix-corporal container, if enabled
3. (optional) matrix-synapse vhost (matrix-synapse.conf), if matrix-corporal enabled
4. matrix-synapse container
We are setting `X-Forwarded-For` correctly in step #1, but were
overwriting it in step #2 with something inaccurate.
Not doing anything in step #2 is better than doing the wrong thing.
It's probably best if we append another reverse-proxy address there
though, although what we're doing now (with this patch) seems to yield
the correct result (when matrix-corporal is not enabled).
When matrix-corporal is enabled, we still seem to do the wrong thing for
some reason. It's something to be fixed later on. 
						
						
					 
					
						2021-03-08 17:24:09 +02:00 
						 
				 
			
				
					
						
							
							
								SierraKiloBravo 
							
						 
					 
					
						
						
							
						
						0de0716527 
					 
					
						
						
							
							Added nginx proxy worker configuration to template and defaults  
						
						
						
						
					 
					
						2021-03-02 11:30:09 +01:00 
						 
				 
			
				
					
						
							
							
								Slavi Pantaleev 
							
						 
					 
					
						
						
							
						
						a25b8135b8 
					 
					
						
						
							
							Fix point overlap between matrix-domain and Jitsi  
						
						
						
						
						Mostly affects people who disable the integrated `matrix-nginx-proxy`.
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/456 
and more specifically 4d62a75f6f 
						
						
					 
					
						2021-03-01 20:27:45 +02:00 
						 
				 
			
				
					
						
							
							
								Michael 
							
						 
					 
					
						
						
							
						
						33ec5710d9 
					 
					
						
						
							
							0.2.1 revision  
						
						
						
						
					 
					
						2021-02-28 22:21:40 +08:00 
						 
				 
			
				
					
						
							
							
								Hardy Erlinger 
							
						 
					 
					
						
						
							
						
						f4930d789e 
					 
					
						
						
							
							Run Let's Encrypt renewal checks daily instead of weekly.  
						
						
						
						
						This ensures more timely updates of certificates.
						
						
					 
					
						2021-02-27 21:11:22 +01:00 
						 
				 
			
				
					
						
							
							
								Slavi Pantaleev 
							
						 
					 
					
						
						
							
						
						1ef683d366 
					 
					
						
						
							
							Make nginx proxy config (when disabled) obey matrix_federation_public_port  
						
						
						
						
						People who were disabling matrix-nginx-proxy (in favor of their own
nginx webserver) and also overriding `matrix_federation_public_port`,
found that the generated nginx configuration still hardcoded `8448`,
which forced their nginx server to use that, regardless of the fact
that `matrix_federation_public_port` was pointing elsewhere.
We now allow for the in-container federation port to be configurable,
and also automatically wire things properly. 
						
						
					 
					
						2021-02-24 08:19:20 +02:00 
						 
				 
			
				
					
						
							
							
								Michael 
							
						 
					 
					
						
						
							
						
						4c882c513b 
					 
					
						
						
							
							initial PR  
						
						
						
						
					 
					
						2021-02-20 17:19:17 +08:00 
						 
				 
			
				
					
						
							
							
								Slavi Pantaleev 
							
						 
					 
					
						
						
							
						
						eaea215282 
					 
					
						
						
							
							Allow Synapse workers to be used with an external nginx webserver  
						
						
						
						
						We're talking about a webserver running on the same machine, which
imports the configuration files generated by the `matrix-nginx-proxy`
in the `/matrix/nginx-proxy/conf.d` directory.
Users who run an nginx webserver on some other machine will need to do
something different. 
						
						
					 
					
						2021-02-19 11:36:48 +02:00