| | Commit message | Author | Age | Files |
|---|---|---|---|---|
| * | Port baseline to Debian 11 (codename Bullseye). | Guilhem Moulin | 2022-10-13 | 1 | 
| * | nginx: Update trusted certificate used for OCSP stapling. | Guilhem Moulin | 2020-12-05 | 1 | 
| | See https://bugs.debian.org/975862 . | | | |
| * | nginx: Add MIME type declaration for .woff2 files. | Guilhem Moulin | 2020-05-17 | 1 | 
| * | Roundcube: Port to Debian 10. | Guilhem Moulin | 2020-05-17 | 1 | 
| | We use the version from buster-backports (currently 1.4.4+dfsg.1-1~bpo10+1) for the elastic theme. | | | |
| * | common-web: Remove snippets/acme-challenge.conf. | Guilhem Moulin | 2020-05-16 | 2 | 
| | lacme now ships that file as /etc/lacme/nginx.conf. | | | |
| * | Nextcloud: use dedicated user and PHP FPM pool. | Guilhem Moulin | 2020-05-16 | 1 | 
| | There is a real security gain in not using the 'www-data' user: nginx workers can't read Nextcloud config files and data directory, so, should our nginx configuration be insecure, a leak is much less likely. | | | |
| * | role/common-web: Upgrade baseline to Debian 10. | Guilhem Moulin | 2020-05-16 | 4 | 
| * | Upgrade baseline to Debian Stretch. | Guilhem Moulin | 2018-12-03 | 6 | 
| * | nginx: set Referrer-Policy HTTP header to "no-referrer". | Guilhem Moulin | 2016-12-13 | 1 | 
| * | HSTS: use the standard capitalization of includeSubDomains. | Guilhem Moulin | 2016-07-12 | 1 | 
| | Cf. RFC 6797 sec. 6.1.2. | | | |
| * | Rename letsencrypt-tiny to lacme. | Guilhem Moulin | 2016-06-15 | 1 | 
| * | Move /etc/ssl/private/dhparams.pem to /etc/ssl/dhparams.pem and make it public. | Guilhem Moulin | 2016-05-18 | 1 | 
| | Ideally we should also increase the Diffie-Hellman group size from 2048-bit to 3072-bit, as per ENISA 2014 report. https://www.enisa.europa.eu/publications/algorithms-key-size-and-parameters-report-2014 But we postpone that for now until we are reasonably certain that older clients won't be left out. | | | |
| * | nginx: update ssl_ciphers to follow Mozilla's TLS server recommendation. | Guilhem Moulin | 2016-04-02 | 1 | 
| | https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=nginx-1.6.2&openssl=1.0.1k&hsts=yes&profile=intermediate | | | |
| * | Set HTTP security headers. | Guilhem Moulin | 2016-03-30 | 3 | 
| | See https://securityheaders.io . | | | |
| * | Replace LE's X1 intermediate CA with X3 since the latter has better support for XP. | Guilhem Moulin | 2016-03-28 | 1 |
| * | Fix Let's Encrypt CAfile. | Guilhem Moulin | 2015-12-28 | 1 | 
| * | Use the Let's Encrypt CA for our public certs. | Guilhem Moulin | 2015-12-20 | 3 | 
| * | nginx: Move include.d/* to snippets/. | Guilhem Moulin | 2015-12-20 | 6 | 
| * | nginx: s/conf.d/include.d/ | Guilhem Moulin | 2015-12-15 | 2 | 
| * | nginx: mv ssl/config conf.d/ssl | Guilhem Moulin | 2015-12-09 | 2 |
| * | Replace gitweb with cgit. | Guilhem Moulin | 2015-09-21 | 1 | 
| * | Add .asc to text/plain nginx MIME types. | Guilhem Moulin | 2015-08-21 | 1 | 
| * | typo | Guilhem Moulin | 2015-06-07 | 1 | 
| * | logjam mitigation. | Guilhem Moulin | 2015-06-07 | 1 | 
| * | Fix tab damage. | Guilhem Moulin | 2015-06-07 | 1 | 
| * | wibble | Guilhem Moulin | 2015-06-07 | 1 | 
| * | Follow Qualys's SSL labs recommendation for HTTPS. | Guilhem Moulin | 2015-06-07 | 1 | 
| | (Disable SSLv3 and extend STS' max age to 180 days.) See https://www.ssllabs.com/ssltest/ . | | | |
| * | Common web configuration. | Guilhem Moulin | 2015-06-07 | 6 | 
