Paul Mansfield
ddbfdf6f6e
Open up lets Encrypt acme challenge config ( #165 )
...
Since Lets Encrypt don't publish IP ranges that their acme challenge service will be sourced from, we need to allow free access to this location special to override any IP ACLs added by Advanced Custom Nginx Configuration. Due to the way Nginx config is applied, this only applies to the regex and below, keeping the IP ACLs working for the rest of the website.
2019-07-05 08:32:41 +10:00
OhHeyAlan
9e476e5b24
Only Secure TLS Ciphers & Protocols ( #134 )
...
Disable insecure SSL/TLS ciphers & protocols. Only TLS_1.2 and TLS_1.3 should be enabled.
2019-05-08 10:01:08 +10:00
Jamie Curnow
b49de0e23e
Enable TLS 1.3 by default
2019-05-02 13:03:16 +10:00
Jamie Curnow
2a3d792591
Fixes #68 - HSTS is now part of the UI
2019-02-18 18:21:45 +10:00
Jamie Curnow
48f2bb4cd8
Fix some ip range stuff
2019-01-03 20:25:01 +10:00
Jamie Curnow
3836f7c40a
Fetch ip ranges for CDN servers, Cloudfront and Cloudfare
2019-01-03 17:04:53 +10:00
Jamie Curnow
c97e6ada5b
Support for upstream ssl proxy hosts
2018-12-12 09:47:12 +10:00
Jamie Curnow
c826ed8c1f
Fix proto forwarded header to industry standard
2018-10-25 08:51:43 +10:00
Jamie Curnow
eb391959aa
Added resolvers auto generation in order for hostnames to work
2018-10-19 16:24:44 +10:00
Jamie Curnow
3970d2891f
Docker build changes
2018-06-20 09:53:18 +10:00
Jamie Curnow
36896bcfc9
Bypass basic auth for letsencrypt acme requests, reload nginx after ssl renewals
2018-03-16 10:53:50 +10:00
Jamie Curnow
b324110c49
Trying something to fix the auto ssl renewal process
2018-03-16 10:32:35 +10:00
Jamie Curnow
6e7435c35d
Initial commit
2017-12-21 09:02:37 +10:00
