Age | Commit message (Collapse) | Author | |
---|---|---|---|
2014-11-24 | fixed bug when there is no vpn service | elijah | |
2014-11-10 | openvpn - support customizing --fragment, and set default to 1400 | elijah | |
2014-06-02 | added support for /provider.json served from static site. | elijah | |
2014-05-20 | add support for webapp on subdomain | elijah | |
2014-04-08 | minor: allow manual override of 'services' in provider.json | elijah | |
2014-03-20 | allow ability to customize openvpn security stuff: tls-cipher, auth, and ↵ | elijah | |
cipher config options. | |||
2014-03-14 | added support for environment specific providers (e.g. ↵ | elijah | |
provider.production.json). requires latest leap_cli. | |||
2013-11-01 | Change SMTP port to 465 in smtp-service.json (Feature #4339) | varac | |
2013-08-31 | postfix enable submission port using starttls, so the client can transition ↵ | Micah Anderson | |
to the more restrictive TLS wrapper mode Change-Id: I2a1728788378d9a1b79155ddb9bb4b0464b16baa | |||
2013-08-29 | Make TLS-required smtps (465) be port for sending SMTP. This is preferred ↵ | Micah Anderson | |
over 25 because that is typically blocked, and we cannot force TLS on that port due to other MTAs not being configured for this century. We don't use submission (568) because that uses STARTTLS, and the STARTTLS banner can easily be stripped by an adversary. (#3604) . enable smtps (port 465) for client submission over TLS, and require that TLS is enabled . add 465 to the allowed open ports in the firewall . change the smtp-service.json to use 465 instead of 25 note: I did not use the 'use_smtps' parameter that is available in the postfix class because it added some options that we do not want/need. Change-Id: I0040eb2dff6008a1c830d59df9963eb83dc9ea02 | |||
2013-07-04 | bugfix - properly generate provider.json file. | elijah | |
2013-06-04 | add support for client-side collection of facter facts. | elijah | |
2013-05-21 | only advertise services that are actually deployed (in public provider.json) | elijah | |
2013-05-17 | minor - webapp api port should be integer, not string. | elijah | |
2013-05-14 | added smtp-service.json, requires latest leap_cli | elijah | |
2013-04-30 | added soledad-service.json | elijah | |
2013-04-24 | provider base - service definitions are now versioned (requires new leap_cli) | elijah | |
2013-04-18 | provider.json 'domain' entry should match the domain suffix of the node. | elijah | |
2013-03-17 | added support for "limited" service levels (although vpn is not yet actually ↵ | elijah | |
rate limited). | |||
2013-03-16 | the development tag now specifies an alternative provider domain. this ↵ | elijah | |
requires that we use domain.full_suffix instead of provider.domain, whenever possible. | |||
2013-02-27 | openvpn -- added support for optional "free" rate-limited service via ↵ | elijah | |
special client certificates with the FREE prefix in the common name. | |||
2012-12-19 | webapp api now uses a customizable port (so that we don't try to rely on SNI ↵ | elijah | |
for hosting two TLS domains on one IP). | |||
2012-11-23 | fix bugs in eip-service.json template | elijah | |
2012-11-17 | added missing fingerprint of ca cert to provider definition | elijah | |
2012-11-15 | added eip-service.json | elijah | |
2012-11-14 | added provider_base (latest leap_cli required) | elijah | |