Commit message (Collapse) | Author | Age | Files | |
---|---|---|---|---|
* | Nextcloud: use dedicated user and PHP FPM pool. | Guilhem Moulin | 2020-05-16 | 1 |
| | | | | | | There is a real security gain in not using the 'www-data' user: nginx workers can't read Nextcloud config files and data directory, so should our nginx configuration be insecure a leak is much less likely. | |||
* | role/common-web: Upgrade baseline to Debian 10. | Guilhem Moulin | 2020-05-16 | 3 |
| | ||||
* | Upgrade baseline to Debian Stretch. | Guilhem Moulin | 2018-12-03 | 4 |
| | ||||
* | nginx: set Referrer-Policy HTTP header to "no-referrer". | Guilhem Moulin | 2016-12-13 | 1 |
| | ||||
* | HSTS: use the standard capitalization of includeSubDomains. | Guilhem Moulin | 2016-07-12 | 1 |
| | | | | Cf. RFC 6797 sec. 6.1.2. | |||
* | Rename letsencrypt-tiny to lacme. | Guilhem Moulin | 2016-06-15 | 1 |
| | ||||
* | Move /etc/ssl/private/dhparams.pem to /etc/ssl/dhparams.pem and make it public. | Guilhem Moulin | 2016-05-18 | 1 |
| | | | | | | | | | | Ideally we we should also increase the Diffie-Hellman group size from 2048-bit to 3072-bit, as per ENISA 2014 report. https://www.enisa.europa.eu/publications/algorithms-key-size-and-parameters-report-2014 But we postpone that for now until we are reasonably certain that older client won't be left out. | |||
* | nginx: update ssl_ciphers to follow Mozilla's TLS server recommendation. | Guilhem Moulin | 2016-04-02 | 1 |
| | | | | https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=nginx-1.6.2&openssl=1.0.1k&hsts=yes&profile=intermediate | |||
* | Set HTTP security headers. | Guilhem Moulin | 2016-03-30 | 1 |
| | | | | See https://securityheaders.io . | |||
* | Replace LE's X1 intermediate CA with X3 since the latter has better support ↵ | Guilhem Moulin | 2016-03-28 | 1 |
| | | | | for XP. | |||
* | Fix Let's Encrypt CAfile. | Guilhem Moulin | 2015-12-28 | 1 |
| | ||||
* | Use the Let's Encrypt CA for our public certs. | Guilhem Moulin | 2015-12-20 | 1 |
| | ||||
* | nginx: Move include.d/* to snippets/. | Guilhem Moulin | 2015-12-20 | 4 |