Commit Graph

64 Commits (ae9809a7d021fcaf01ee482a9c6c59fdd50125a6)

Author SHA1 Message Date
Rigel Kent e883399fa6 Precisions and security enhancements to the production guide (#287)
- added precisions and suggestions about how to generate Let's Encrypt certificates. Users have reported their installations didn't work when the problem came from missing certificates (false positives).
- security defaults of Nginx follow the basic robustness principle "be conservative in what you send, be liberal in what you accept", which isn't enough with modern security standards, so we should be picky with the cipher suites we use, among other things. Extra comments (especially for the TLS1.3 protocol support parameter) make the requirement of a recent Nginx installation obvious, and the downgrade alternative remains clear to the system administrator.

All in all, we should aknowledge users will most often copy and paste the configuration files. Making them secure by default may force a few users to read their configuration, but on the long run we are making the fediverse more secure.

Since I've come to modify a bit the Nginx config in `support/doc/production.md`, I've merged it with the template so that they stay consistent.
2018-02-14 11:11:49 +01:00
Chocobozzz 59c48d49c5
Peertube home in /var/www instead of /home 2018-01-23 09:00:23 +01:00
Chocobozzz 2e866cc75d
Don't serve previews with nginx
We need to maintain a cache in the node process
2018-01-18 18:45:27 +01:00
Chocobozzz 5668bf2e51
nginx optimizations 2018-01-18 17:45:49 +01:00
Chocobozzz d2000ca6e7
Update production guide
Use release that already contains build files. It requires a specific
directories tree but I think it would be fine.
2018-01-15 18:07:08 +01:00
Chocobozzz 85cd9bde5a
Remove unused webserver configuration
And update nginx configuration with a rate limit
2018-01-11 10:46:49 +01:00
Fernandez, ReK2 99eff32c00 change nginx config to fix deprecation of a old module (#175) 2018-01-06 18:07:52 +01:00
Chocobozzz 7e9334c34d
Add ability to unfollow a server 2017-11-27 19:40:52 +01:00
Chocobozzz b9a20e5947
Fix nginx https template 2017-10-19 17:42:39 +02:00
Chocobozzz aa83bcce54
Increase client_max_body_size in NGinx template 2017-10-17 11:46:07 +02:00
Chocobozzz c97eea23d7 Add peertube https nginx template 2016-11-25 14:21:41 +01:00
Chocobozzz 5e9acecaeb Update NGinx template (uploads -> videos) 2016-10-26 20:28:34 +02:00
Chocobozzz 1f0f84c27e Update NGinx that bypass /static/webseed (better performances) 2016-10-10 21:21:19 +02:00
Chocobozzz 5d4e941100 Add nginx example file 2016-06-03 15:56:40 +02:00