sak
d87947c779
remove jibri
2021-07-01 15:42:18 +05:30
sak
7b2211da8e
remove jibri
2021-07-01 15:37:20 +05:30
sakkiii
7cc5328ede
Comments & Ref
2021-05-24 17:20:54 +05:30
sakkiii
df2d91970d
matrix_nginx_proxy_xss_protection
2021-05-24 17:02:47 +05:30
sakkiii
e9b878b9e9
Optimize SSL session
2021-05-18 19:39:43 +05:30
sakkiii
d31b55b2a7
SSL-enabled block only
2021-05-18 03:24:06 +05:30
sakkiii
2c3da6599b
Added warning
2021-05-15 16:07:52 +05:30
sakkiii
0dd4459799
matrix_nginx_proxy_ocsp_stapling_enabled variable added
2021-05-15 16:01:49 +05:30
sakkiii
c05021640d
Enable OCSP Stapling
2021-05-15 15:57:05 +05:30
sakkiii
b191e461a5
Merge branch 'spantaleev:master' into master
2021-05-15 12:20:02 +05:30
sakkiii and GitHub
4bd7d8b5e4
Update grafana (7.5.5->7.5.6)
2021-05-14 18:59:21 +05:30
sakkiii and GitHub
d5cd3d443d
Update prometheus (2.26.0->2.27.0)
2021-05-14 18:56:33 +05:30
sakkiii
322b750aad
Merge branch 'spantaleev:master' into master
2021-05-14 18:54:47 +05:30
sakkiii and GitHub
8fc55b30c5
Upgrade Synapse (1.33.1 -> 1.33.2)
...
This release fixes a denial of service attack (CVE-2021-29471) against Synapse's push rules implementation. Server admins are encouraged to upgrade.
Ref: https://github.com/matrix-org/synapse/releases/tag/v1.33.2
2021-05-11 19:06:30 +05:30
sakkiii
29cf6a0087
Merge branch 'spantaleev:master' into master
2021-05-10 15:10:18 +05:30
sakkiii
bb0810302d
Merge branch 'spantaleev:master' into master
2021-05-07 23:03:55 +05:30
sakkiii
9174448e5e
get rid of this {% else %}
2021-05-06 12:46:17 +05:30
0d5fe2d9f7
Update roles/matrix-grafana/templates/grafana.ini.j2
...
Co-authored-by: Aaron Raimist <aaron@raim.ist >
2021-05-06 12:38:40 +05:30
sakkiii
37de7fc96a
Updated Reference
2021-05-05 22:25:38 +05:30
sakkiii
303de935d5
grafana CSP backward compatible with older browsers
2021-05-05 22:12:56 +05:30
sakkiii
40fe6bd5c1
variable matrix_nginx_proxy_hsts_preload_enable added
2021-04-24 20:04:20 +05:30
sakkiii
5b4fdf9b87
Merge branch 'master' of https://github.com/sakkiii/matrix-docker-ansible-deploy
2021-04-24 12:15:34 +05:30
sakkiii
0ccf0fbf1c
HSTS preload + X-XSS enables
...
**HSTS Preloading:**
In its strongest and recommended form, the [HSTS policy](https://www.chromium.org/hsts ) includes all subdomains, and indicates a willingness to be “preloaded” into browsers:
`Strict-Transport-Security: max-age=31536000; includeSubDomains; preload`
**X-Xss-Protection:**
`1; mode=block` which tells the browser to block the response if it detects an attack rather than sanitising the script.
2021-04-24 12:12:34 +05:30
sakkiii and GitHub
3564635f0f
Merge branch 'master' into master
2021-04-24 11:46:52 +05:30
sakkiii
29bba5161b
Element More security headers
...
More Production ready nginx headers for Matrix client element.
2021-04-24 11:10:40 +05:30
sak
88a30fb5ed
security** node-exporter data & port publicly exposed
2021-04-19 15:35:23 +05:30
sak
0f9a455719
Revert "security** node-exporter data & port publicly exposed"
...
This reverts commit d0cd709c08 .
2021-04-19 15:24:36 +05:30
sak
d0cd709c08
security** node-exporter data & port publicly exposed
2021-04-19 15:15:59 +05:30
sakkiii
1958d0792d
Update matrix-client-element.conf.j2
2021-04-17 21:33:07 +05:30
sakkiii
b6d45c5fd8
Merge branch 'master' of https://github.com/sakkiii/matrix-docker-ansible-deploy
2021-04-17 21:03:26 +05:30
sakkiii
05042f5ff1
Improve security grafana
...
- duplicate X-Content-Type-Options
- X-Frame-Options header
- Referrer-Policy [Might consider adding variable]
- Secure flag with cookies
- matrix_grafana_content_security_policy variable for [Content Security Policy](https://grafana.com/docs/grafana/latest/administration/configuration/#content_security_policy )
2021-04-17 21:03:05 +05:30
sakkiii and GitHub
27377e099d
updated matrix_grafana_docker_image to v7.5.4
...
Latest stable grafana version is [7.5.4 (2021-04-14)](https://github.com/grafana/grafana/releases/tag/v7.5.4 )
2021-04-17 17:31:14 +05:30
sakkiii and GitHub
5dc642ace1
Nginx element web: XSS protection & nosniff header
...
X-XSS-Protection: 1; mode=block; header, for basic XSS protection in legacy browsers.
X-Content-Type-Options: nosniff header, to disable MIME sniffing
2021-04-16 14:45:04 +05:30
sakkiii and GitHub
540416e32d
Disable support for TLS 1.0 and TLS 1.1
...
These old versions of TLS rely on MD5 and SHA-1, both now broken, and contain other flaws. TLS 1.0 is no longer PCI-DSS compliant and the TLS working group has adopted a document to deprecate TLS 1.0 and TLS 1.1.
2021-04-15 19:25:23 +05:30