Commit Graph

25 Commits

Author SHA1 Message Date
Stefan Warnat
ab398276af Always use resolver variable in nginx conf.d files 2022-10-30 00:55:36 +02:00
Slavi Pantaleev
3a9fe48deb Make matrix-nginx-proxy's X-Forwarded-For header customizable
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1393
2021-11-24 11:32:06 +02:00
JokerGermany
c0656448f7 Port 80 for IPv6 2021-11-13 01:18:22 +01:00
Slavi Pantaleev
6294e58304 Fix Content-Security-Policy for Element
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1154

According to
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy,
having both a header and the `<meta>`-tag provided by Element itself is
not a problem. The 2 CSP policies get combined.
2021-07-01 12:41:05 +03:00
sakkiii
0217644b48
Content-Security-Policy For Element Web
https://github.com/vector-im/element-web#configuration-best-practices
2021-06-18 23:27:23 +05:30
sakkiii
25e67b51d1 Merge branch 'spantaleev:master' into master 2021-05-25 11:40:56 +05:30
sakkiii
3436f9c10a rename to matrix_nginx_proxy_hsts_preload_enabled 2021-05-25 00:56:59 +05:30
sakkiii
df2d91970d matrix_nginx_proxy_xss_protection 2021-05-24 17:02:47 +05:30
sakkiii
e9b878b9e9 Optimize SSL session 2021-05-18 19:39:43 +05:30
Slavi Pantaleev
57a6a98a50 Fix incorrect SSL certificate path
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1057
2021-05-18 07:58:47 +03:00
sakkiii
d31b55b2a7 SSL-enabled block only 2021-05-18 03:24:06 +05:30
sakkiii
c05021640d Enable OCSP Stapling 2021-05-15 15:57:05 +05:30
sakkiii
40fe6bd5c1 variable matrix_nginx_proxy_hsts_preload_enable added 2021-04-24 20:04:20 +05:30
sakkiii
3564635f0f
Merge branch 'master' into master 2021-04-24 11:46:52 +05:30
sakkiii
29bba5161b Element More security headers
More Production ready nginx headers for Matrix client element.
2021-04-24 11:10:40 +05:30
Slavi Pantaleev
e00ef04b57 Add opt-out-of-FLoC headers by default 2021-04-21 13:58:24 +03:00
sakkiii
1958d0792d Update matrix-client-element.conf.j2 2021-04-17 21:33:07 +05:30
sakkiii
5dc642ace1
Nginx element web: XSS protection & nosniff header
X-XSS-Protection: 1; mode=block; header, for basic XSS protection in legacy browsers.
X-Content-Type-Options: nosniff header, to disable MIME sniffing
2021-04-16 14:45:04 +05:30
Slavi Pantaleev
f7ae050eaf Remove useless quotes around ssl_ciphers value
Not sure if it breaks with them or not, but no other directive
uses quotes and the nginx docs show examples without quotes,
so we're being consistent with all of that.
2021-01-08 21:22:44 +02:00
Slavi Pantaleev
5822ba0c01 Use a more natural if statement 2021-01-08 21:21:33 +02:00
Agustin Ferrario
5156c63a76 Clean up code
Code was clean up and simplified to make it simpler and easier to
maintain. No features were modified.
2021-01-08 18:35:27 +01:00
Agustin Ferrario
25d423e6b6 Fix errors per spantaleev suggestions
The different configurations are now all lower case, for consistent
naming.

`matrix_nginx_proxy_ssl_config` is now called
`matrix_nginx_proxy_ssl_preset`. The different options for "modern",
"intermediate" and "old" are stored in the main.yml file, instead of
being hardcoded in the configuration files. This will improve the
maintainability of the code.

The "custom" preset was removed. Now if one of the variables is set, it
will use it instead of the preset. This will allow to mix and match more
easily, for example using all the intermediate options but only
supporting TLSv1.2. This will also provide better backward
compatibility.
2021-01-08 11:32:10 +01:00
Agustin Ferrario
2082242499 Add matrix_nginx_proxy_ssl_config
A new variable called `matrix_nginx_proxy_ssl_config` is created for
configuring how the nginx proxy configures SSL. Also a new configuration
validation option and other auxiliary variables are created.

A new variable configuration called `matrix_nginx_proxy_ssl_config` is
created. This allow to set the SSL configuration easily using the
default options proposed by Mozilla. The default configuration is set to
"Intermediate", removing the weak ciphers used in the old
configurations.

The new variable can also be set to "Custom" for a more granular control.
This allows to set another three variables called:

- `matrix_nginx_proxy_ssl_protocols`,
- `matrix_nginx_proxy_ssl_prefer_server_ciphers`
- `matrix_nginx_proxy_ssl_ciphers`

Also a new task is added to validate the SSL configuration variable.
2020-12-16 10:35:37 +01:00
TwoTwenty
18ba885ca2
Update matrix-client-element.conf.j2 2020-07-22 10:38:50 -07:00
Slavi Pantaleev
c6ab1c6a90 Riot is now Element
Fixes #586 (Github Issue)
2020-07-17 11:31:20 +03:00