fripost-ansible/roles/common-web/files, branch master

Nginx: Drop OCSP stapling directives.

2025-08-06T11:51:50+00:00

Let's Encrypt removed OCSP URLs from certificates on 2025-05-07, see
https://letsencrypt.org/2024/12/05/ending-ocsp .

Port baseline to Debian 11 (codename Bullseye).

2022-10-13T20:12:05+00:00

nginx: Update trusted certificate used for OCSP stapling.

2020-12-05T14:52:10+00:00

See https://bugs.debian.org/975862 .

common-web: Remove snippets/acme-challenge.conf.

2020-05-16T21:53:35+00:00

lacme now ships that file as /etc/lacme/nginx.conf.

Nextcloud: use dedicated user and PHP FPM pool.

2020-05-15T23:30:44+00:00

There is a real security gain in not using the 'www-data' user: nginx
workers can't read Nextcloud config files and data directory, so should
our nginx configuration be insecure a leak is much less likely.

role/common-web: Upgrade baseline to Debian 10.

2020-05-15T22:51:30+00:00

Upgrade baseline to Debian Stretch.

2018-12-03T02:43:36+00:00

nginx: set Referrer-Policy HTTP header to "no-referrer".

2016-12-13T19:36:38+00:00

HSTS: use the standard capitalization of includeSubDomains.

2016-07-12T15:27:24+00:00

Cf. RFC 6797 sec. 6.1.2.

Rename letsencrypt-tiny to lacme.

2016-06-15T16:00:57+00:00