From d92bd4544ed59a35df98b035db54bea719dbe494 Mon Sep 17 00:00:00 2001 From: Angristan Date: Wed, 12 Apr 2017 16:07:26 +0200 Subject: [PATCH 1/3] Add IPv6 for port 443 --- Running-Mastodon/Production-guide.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Running-Mastodon/Production-guide.md b/Running-Mastodon/Production-guide.md index 49f3e59b..05a9b250 100644 --- a/Running-Mastodon/Production-guide.md +++ b/Running-Mastodon/Production-guide.md @@ -20,6 +20,7 @@ server { server { listen 443 ssl; + listen [::]:443 ssl; server_name example.com; ssl_protocols TLSv1.2; @@ -30,6 +31,8 @@ server { ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; + + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains"; keepalive_timeout 70; sendfile on; @@ -46,9 +49,6 @@ server { gzip_http_version 1.1; gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript; - - add_header Strict-Transport-Security "max-age=31536000; includeSubDomains"; - location / { try_files $uri @proxy; } From 368d815e4ddc29c3745b431ecb223414f55f4044 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?wxcaf=C3=A9?= Date: Fri, 14 Apr 2017 02:00:01 +0200 Subject: [PATCH 2/3] Removes the includeSubDomains directive from HSTS --- Running-Mastodon/Production-guide.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Running-Mastodon/Production-guide.md b/Running-Mastodon/Production-guide.md index 612e58fa..515db9dd 100644 --- a/Running-Mastodon/Production-guide.md +++ b/Running-Mastodon/Production-guide.md @@ -32,7 +32,7 @@ server { ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; - add_header Strict-Transport-Security "max-age=31536000; includeSubDomains"; + add_header Strict-Transport-Security "max-age=31536000"; keepalive_timeout 70; sendfile on; From 6e431d26de2abd7dccbef51435ab28ac67513ec3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?wxcaf=C3=A9?= Date: Fri, 14 Apr 2017 02:03:03 +0200 Subject: [PATCH 3/3] Removes duplicate HSTS directive --- Running-Mastodon/Production-guide.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/Running-Mastodon/Production-guide.md b/Running-Mastodon/Production-guide.md index 515db9dd..c601dbdb 100644 --- a/Running-Mastodon/Production-guide.md +++ b/Running-Mastodon/Production-guide.md @@ -31,8 +31,6 @@ server { ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; - - add_header Strict-Transport-Security "max-age=31536000"; keepalive_timeout 70; sendfile on;