librewolf/bunkerized-nginx
4
0
Fork 1
mirror of https://github.com/bunkerity/bunkerized-nginx synced 2023-12-13 21:30:18 +01:00
Code Issues Projects Releases Wiki Activity

Merge pull request #542 from bunkerity/dev

Browse source 
Merge branch "dev" into branch "staging"
This commit is contained in:
Théophile Diot 2023-06-27 12:08:21 -04:00 committed by GitHub
commit ded0ec66de
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 5 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
docs/security-tuning.md
View file

@ -133,12 +133,10 @@ Besides the HTTPS configuration, the following settings related to HTTPS can be
| :---------------------------: | :---------------: | :----------------------------------------------------------------------------------------------------------- |
| `REDIRECT_HTTP_TO_HTTPS` | `no` | When set to `yes`, will redirect every HTTP request to HTTPS even if BunkerWeb is not configured with HTTPS. |
| `AUTO_REDIRECT_HTTP_TO_HTTPS` | `yes` | When set to `yes`, will redirect every HTTP request to HTTPS only if BunkerWeb is configured with HTTPS. |
| `HTTPS_PROTOCOLS` | `TLSv1.2 TLSv1.3` | List of supported SSL/TLS protocols when HTTPS is enabled. |
| `SSL_PROTOCOLS` | `TLSv1.2 TLSv1.3` | List of supported SSL/TLS protocols when SSL is enabled. |
| `HTTP2` | `yes` | When set to `yes`, will enable HTTP2 protocol support when using HTTPS. |
| `LISTEN_HTTP` | `yes` | When set to `no`, BunkerWeb will not listen for HTTP requests. Useful if you want HTTPS only for example. |
When using stream, the `SSL_PROTOCOLS` can be used which takes the same value as the `HTTPS_PROTOCOLS` one.
### Let's Encrypt
STREAM support :white_check_mark:

2
examples/wordpress/tests.json
View file

@ -1,7 +1,7 @@
{
"name": "wordpress",
"kinds": ["docker", "autoconf", "swarm", "kubernetes", "linux"],
"timeout": 60,
"timeout": 120,
"delay": 120,
"no_copy_container": true,
"tests": [

2
src/common/core/headers/plugin.json
View file

@ -105,7 +105,7 @@
"help": "Value for the Permissions-Policy header.",
"id": "permissions-policy",
"label": "Permissions-Policy",
"regex": "^(?![, ])(,? ?([a-z-]+)(?!.*[^-]\\2=)=(\\*|\\(( ?(self|\\u0022https?:\\/\\/[-\\w@:%.+~#=]+[-\\w()!@:%+.~#?&\\/=$]*\\u0022))*\\)))*$",
"regex": "^(?![, ])(,? ?([a-z-]+)(?!.*[^-]\\2=)=(\\*|\\(( ?(self|\\u0022https?:\\/\\/[-\\w@:%.+~#=]+[-\\w()!@:%+.~#?&\\/=$]*\\u0022)(?=[ \\)]))*\\)))*$",
"type": "text"
},
"FEATURE_POLICY": {

2
src/common/core/misc/plugin.json
View file

@ -38,7 +38,7 @@
"help": "Allowed HTTP and WebDAV methods, separated with pipes to be sent by clients.",
"id": "allowed-methods",
"label": "Allowed methods",
"regex": "^(?!\\|)(\\|?(GET|HEAD|POST|PUT|DELETE|CONNECT|OPTIONS|TRACE|PATCH|COPY|LOCK|MKCOL|MOVE|PROPFIND|PROPPATCH|UNLOCK)(?!.*(^|\\|)\\2))+$",
"regex": "^(?!\\|)(\\|?([A-Z]{3,})(?!.*(^|\\|)\\2))+$",
"type": "text"
},
"MAX_CLIENT_SIZE": {

2
src/common/settings.json
View file

@ -50,7 +50,7 @@
"help": "List of the virtual hosts served by bunkerweb.",
"id": "server-name",
"label": "Server name",
"regex": "^(?! )( ?((?=.{1,255}$)[0-9A-Za-z](?:(?:[0-9A-Za-z]|-){0,61}[0-9A-Za-z])?(?:\\.[0-9A-Za-z](?:(?:[0-9A-Za-z]|-){0,61}[0-9A-Za-z])?)*\\.?)(?!.* \\2))*$",
"regex": "^(?! )( ?((?=[^ ]{1,255}( |$))[0-9A-Za-z](?:(?:[0-9A-Za-z]|-){0,61}[0-9A-Za-z])?(?:\\.[0-9A-Za-z](?:(?:[0-9A-Za-z]|-){0,61}[0-9A-Za-z])?)*\\.?)(?!.* \\2))*$",
"type": "text"
},
"WORKER_PROCESSES": {