Matt Jibson
c88edf8989
Fix weak DH configuration
The SSLLabs https://www.ssllabs.com/ssltest/ test reported a B rating for
our SSL configuration, mostly due to the weak DH configuration we have,
which is vulnerable to the logjam attack. This is their recommended
configuration for nginx.
From: https://weakdh.org/sysadmin.html
This has been verified to work with docker 0.10.0.
2015-08-07 12:03:05 -04:00
Jimmy Zelinskie
68894a6cad
nginx: comment out last part of OCSP stapling
2015-07-14 18:07:53 -04:00
Jimmy Zelinskie
973aa601ef
nginx: "temporarily" disable OCSP stapling
2015-07-14 17:33:57 -04:00
Jake Moshenko
91b2c21789
Reference our certificate file as trusted to enable OCSP stapling.
2015-07-01 15:35:40 -04:00
Jimmy Zelinskie
3166c9a38f
nginx: recompile with SSL module, move directives
2015-06-16 12:30:25 -04:00
Jimmy Zelinskie
581d2fa4fc
nginx: move ssl config out of server-base
2015-05-22 16:25:28 -04:00
Jimmy Zelinskie
4323eb58da
nginx: SSL config into server-base.conf
2015-05-22 13:54:43 -04:00
Jimmy Zelinskie
f9f933feff
nginx: update cipher suite, HSTS, X-Frame-Options
2015-05-22 13:35:49 -04:00
Jimmy Zelinskie
60763d69b1
nginx: support OCSP Stapling
2015-05-20 16:32:12 -04:00
Jimmy Zelinskie
4689c00fad
nginx: drop SSLv3, support TLS 1.1 & 1.2
2015-05-20 16:31:32 -04:00
Jimmy Zelinskie
c44846103e
nginx: enable Strict Transport Security
2015-05-20 16:31:00 -04:00
Jimmy Zelinskie
4a2b25200a
nginx: make rate limiting awesome
2015-02-19 16:24:05 -05:00
Jimmy Zelinskie
b5f7777fd7
nginx: create proxy-server-base.conf w/ rate limit
2015-01-23 16:50:16 -05:00
Jimmy Zelinskie
64bea5387b
nginx: rate limiting only on proxy protocol
2015-01-23 16:04:06 -05:00
Jimmy Zelinskie
b19b256b52
Proxy Protocol on port 8443
2015-01-22 16:10:02 -05:00
Jimmy Zelinskie
a715d97660
health check endpoint without proxy protocol
2015-01-22 12:58:48 -05:00
Jimmy Zelinskie
365290d3c4
Add and include proxy-protocol.conf
2015-01-21 17:11:23 -05:00
Jimmy Zelinskie
e93d0b83ec
reset nginx config to master
2015-01-21 17:00:43 -05:00
Jimmy Zelinskie
0f8aad9ef1
Break out a new server{} config for port 444>
This also restores docker proxy stuff with recursive enabled
2015-01-21 15:59:29 -05:00
Jimmy Zelinskie
c992657f05
health check on port 444
2015-01-21 13:43:21 -05:00
Jimmy Zelinskie
312ba536d9
move proxy protocol to ssl listen directive
2015-01-21 11:19:41 -05:00
Jimmy Zelinskie
53e9e514d5
Add vim nginx ft to nginx config files
2015-01-13 15:19:42 -05:00
Jake Moshenko
2b0fc9087f
Performance improvements meant to help get jobs off of the load balancer more quickly.
2014-12-18 11:53:10 -05:00
Joseph Schorr
a1470460a7
Move the /static handler into the base and have nginx serve the Docker ping endpoint
2014-10-02 16:04:23 -04:00
Jake Moshenko
707bca892e
Rename the nginx configuration to remove the word enterprise
2014-05-18 17:28:51 -04:00
jakedt
0cbcc5baef
Remove the no longer used nginx config.
2014-04-18 11:01:59 -04:00
yackob03
2b6c9149e8
Configure nginx to emit logstash logs for access logs. Move all nginx config to a conf subdir. Rework nginx config to share common parts.
2014-01-31 18:13:46 -05:00