Commit graph

29 commits

Author SHA1 Message Date
Joseph Schorr
a25572f2b3 Enable HTTP2 under proxy protocol 2015-12-08 15:36:26 -05:00
Joseph Schorr
769ec4c2a3 Enable http2 in nginx 2015-12-04 17:06:55 -05:00
Matt Jibson
c88edf8989 Fix weak DH configuration
The SSLLabs https://www.ssllabs.com/ssltest/ test reported a B rating for
our SSL configuration, mostly due to the weak DH confiugration we have,
which is vulnerable to the logjam attack. This is their recommended
configuration for nginx.

From: https://weakdh.org/sysadmin.html

This has been verified to work with docker 0.10.0.
2015-08-07 12:03:05 -04:00
Jimmy Zelinskie
68894a6cad nginx: comment out last part of OCSP stapling 2015-07-14 18:07:53 -04:00
Jimmy Zelinskie
973aa601ef nginx: "temporarily" disable OCSP stapling 2015-07-14 17:33:57 -04:00
Jake Moshenko
91b2c21789 Reference our certificate file as trusted to enable OCSP stapling. 2015-07-01 15:35:40 -04:00
Jimmy Zelinskie
3166c9a38f nginx: recompile with SSL module, move directives 2015-06-16 12:30:25 -04:00
Jimmy Zelinskie
581d2fa4fc nginx: move ssl config out of server-base 2015-05-22 16:25:28 -04:00
Jimmy Zelinskie
4323eb58da nginx: SSL config into server-base.conf 2015-05-22 13:54:43 -04:00
Jimmy Zelinskie
f9f933feff nginx: update cipher suite, HSTS, X-Frame-Options 2015-05-22 13:35:49 -04:00
Jimmy Zelinskie
60763d69b1 nginx: support OCSP Stapling 2015-05-20 16:32:12 -04:00
Jimmy Zelinskie
4689c00fad nginx: drop SSLv3, support TLS 1.1 & 1.2 2015-05-20 16:31:32 -04:00
Jimmy Zelinskie
c44846103e nginx: enable Strict Transport Security 2015-05-20 16:31:00 -04:00
Jimmy Zelinskie
4a2b25200a nginx: make rate limiting awesome 2015-02-19 16:24:05 -05:00
Jimmy Zelinskie
b5f7777fd7 nginx: create proxy-server-base.conf w/ rate limit 2015-01-23 16:50:16 -05:00
Jimmy Zelinskie
64bea5387b nginx: rate limiting only on proxy protocol 2015-01-23 16:04:06 -05:00
Jimmy Zelinskie
b19b256b52 Proxy Protocol on port 8443 2015-01-22 16:10:02 -05:00
Jimmy Zelinskie
a715d97660 health check endpoint without proxy protocol 2015-01-22 12:58:48 -05:00
Jimmy Zelinskie
365290d3c4 Add and include proxy-protocol.conf 2015-01-21 17:11:23 -05:00
Jimmy Zelinskie
e93d0b83ec reset nginx config to master 2015-01-21 17:00:43 -05:00
Jimmy Zelinskie
0f8aad9ef1 Break out a new server{} config for port 444>
This also restores docker proxy stuff with recursive enabled
2015-01-21 15:59:29 -05:00
Jimmy Zelinskie
c992657f05 health check on port 444 2015-01-21 13:43:21 -05:00
Jimmy Zelinskie
312ba536d9 move proxy protocol to ssl listen directive 2015-01-21 11:19:41 -05:00
Jimmy Zelinskie
53e9e514d5 Add vim nginx ft to nginx config files 2015-01-13 15:19:42 -05:00
Jake Moshenko
2b0fc9087f Performance improvements meant to help get jobs off of the load balancer more quickly. 2014-12-18 11:53:10 -05:00
Joseph Schorr
a1470460a7 Move the /static handler into the base and have nginx serve the Docker ping endpoint 2014-10-02 16:04:23 -04:00
Jake Moshenko
707bca892e Rename the nginx configuration to remove the word enterprise 2014-05-18 17:28:51 -04:00
jakedt
0cbcc5baef Remove the no longer used nginx config. 2014-04-18 11:01:59 -04:00
yackob03
2b6c9149e8 Configure nginx to emit logstash logs for access logs. Move all nginx config to a conf subdir. Rework nginx config to share common parts. 2014-01-31 18:13:46 -05:00