Commit Graph
34 Commits
Author SHA1 Message Date
sak d87947c779 remove jibri 2021-07-01 15:42:18 +05:30
sak 7b2211da8e remove jibri 2021-07-01 15:37:20 +05:30
sakkiii 7cc5328ede Comments & Ref 2021-05-24 17:20:54 +05:30
sakkiii df2d91970d matrix_nginx_proxy_xss_protection 2021-05-24 17:02:47 +05:30
sakkiii e9b878b9e9 Optimize SSL session 2021-05-18 19:39:43 +05:30
sakkiii d31b55b2a7 SSL-enabled block only 2021-05-18 03:24:06 +05:30
sakkiii 2c3da6599b Added warning 2021-05-15 16:07:52 +05:30
sakkiii 0dd4459799 matrix_nginx_proxy_ocsp_stapling_enabled variable added 2021-05-15 16:01:49 +05:30
sakkiii c05021640d Enable OCSP Stapling 2021-05-15 15:57:05 +05:30
sakkiii b191e461a5 Merge branch 'spantaleev:master' into master 2021-05-15 12:20:02 +05:30
sakkiiiandGitHub 4bd7d8b5e4 Update grafana (7.5.5->7.5.6) 2021-05-14 18:59:21 +05:30
sakkiiiandGitHub d5cd3d443d Update prometheus (2.26.0->2.27.0) 2021-05-14 18:56:33 +05:30
sakkiii 322b750aad Merge branch 'spantaleev:master' into master 2021-05-14 18:54:47 +05:30
sakkiiiandGitHub 8fc55b30c5 Upgrade Synapse (1.33.1 -> 1.33.2)
This release fixes a denial of service attack (CVE-2021-29471) against Synapse's push rules implementation. Server admins are encouraged to upgrade.

Ref: https://github.com/matrix-org/synapse/releases/tag/v1.33.2
2021-05-11 19:06:30 +05:30
sakkiii 29cf6a0087 Merge branch 'spantaleev:master' into master 2021-05-10 15:10:18 +05:30
sakkiii bb0810302d Merge branch 'spantaleev:master' into master 2021-05-07 23:03:55 +05:30
sakkiii 9174448e5e get rid of this {% else %} 2021-05-06 12:46:17 +05:30
0d5fe2d9f7 Update roles/matrix-grafana/templates/grafana.ini.j2
Co-authored-by: Aaron Raimist <aaron@raim.ist>
2021-05-06 12:38:40 +05:30
sakkiii 37de7fc96a Updated Reference 2021-05-05 22:25:38 +05:30
sakkiii 303de935d5 grafana CSP backward compatible with older browsers 2021-05-05 22:12:56 +05:30
sakkiii 40fe6bd5c1 variable matrix_nginx_proxy_hsts_preload_enable added 2021-04-24 20:04:20 +05:30
sakkiii 5b4fdf9b87 Merge branch 'master' of https://github.com/sakkiii/matrix-docker-ansible-deploy 2021-04-24 12:15:34 +05:30
sakkiii 0ccf0fbf1c HSTS preload + X-XSS enables
**HSTS Preloading:**
In its strongest and recommended form, the [HSTS policy](https://www.chromium.org/hsts) includes all subdomains, and indicates a willingness to be “preloaded” into browsers:
`Strict-Transport-Security: max-age=31536000; includeSubDomains; preload`

**X-Xss-Protection:**
`1; mode=block` which tells the browser to block the response if it detects an attack rather than sanitising the script.
2021-04-24 12:12:34 +05:30
sakkiiiandGitHub 3564635f0f Merge branch 'master' into master 2021-04-24 11:46:52 +05:30
sakkiii 29bba5161b Element More security headers
More Production ready nginx headers for Matrix client element.
2021-04-24 11:10:40 +05:30
sak 88a30fb5ed security** node-exporter data & port publicly exposed 2021-04-19 15:35:23 +05:30
sak 0f9a455719 Revert "security** node-exporter data & port publicly exposed"
This reverts commit d0cd709c08.
2021-04-19 15:24:36 +05:30
sak d0cd709c08 security** node-exporter data & port publicly exposed 2021-04-19 15:15:59 +05:30
sakkiii 1958d0792d Update matrix-client-element.conf.j2 2021-04-17 21:33:07 +05:30
sakkiii b6d45c5fd8 Merge branch 'master' of https://github.com/sakkiii/matrix-docker-ansible-deploy 2021-04-17 21:03:26 +05:30
sakkiii 05042f5ff1 Improve security grafana
- duplicate X-Content-Type-Options
- X-Frame-Options header
- Referrer-Policy [Might consider adding variable]
- Secure flag with cookies
- matrix_grafana_content_security_policy variable for [Content Security Policy](https://grafana.com/docs/grafana/latest/administration/configuration/#content_security_policy)
2021-04-17 21:03:05 +05:30
sakkiiiandGitHub 27377e099d updated matrix_grafana_docker_image to v7.5.4
Latest stable grafana version is [7.5.4 (2021-04-14)](https://github.com/grafana/grafana/releases/tag/v7.5.4)
2021-04-17 17:31:14 +05:30
sakkiiiandGitHub 5dc642ace1 Nginx element web: XSS protection & nosniff header
X-XSS-Protection: 1; mode=block; header, for basic XSS protection in legacy browsers.
X-Content-Type-Options: nosniff header, to disable MIME sniffing
2021-04-16 14:45:04 +05:30
sakkiiiandGitHub 540416e32d Disable support for TLS 1.0 and TLS 1.1
These old versions of TLS rely on MD5 and SHA-1, both now broken, and contain other flaws. TLS 1.0 is no longer PCI-DSS compliant and the TLS working group has adopted a document to deprecate TLS 1.0 and TLS 1.1.
2021-04-15 19:25:23 +05:30