summaryrefslogtreecommitdiff
path: root/provider_base/files
AgeCommit message (Collapse)Author
2014-06-02added support for /provider.json served from static site.elijah
2014-05-20add support for webapp on subdomainelijah
2014-04-08minor: allow manual override of 'services' in provider.jsonelijah
2014-03-20allow ability to customize openvpn security stuff: tls-cipher, auth, and ↵elijah
cipher config options.
2014-03-14added support for environment specific providers (e.g. ↵elijah
provider.production.json). requires latest leap_cli.
2013-11-01Change SMTP port to 465 in smtp-service.json (Feature #4339)varac
2013-08-31postfix enable submission port using starttls, so the client can transition ↵Micah Anderson
to the more restrictive TLS wrapper mode Change-Id: I2a1728788378d9a1b79155ddb9bb4b0464b16baa
2013-08-29Make TLS-required smtps (465) be port for sending SMTP. This is preferred ↵Micah Anderson
over 25 because that is typically blocked, and we cannot force TLS on that port due to other MTAs not being configured for this century. We don't use submission (568) because that uses STARTTLS, and the STARTTLS banner can easily be stripped by an adversary. (#3604) . enable smtps (port 465) for client submission over TLS, and require that TLS is enabled . add 465 to the allowed open ports in the firewall . change the smtp-service.json to use 465 instead of 25 note: I did not use the 'use_smtps' parameter that is available in the postfix class because it added some options that we do not want/need. Change-Id: I0040eb2dff6008a1c830d59df9963eb83dc9ea02
2013-07-04bugfix - properly generate provider.json file.elijah
2013-06-04add support for client-side collection of facter facts.elijah
2013-05-21only advertise services that are actually deployed (in public provider.json)elijah
2013-05-17minor - webapp api port should be integer, not string.elijah
2013-05-14added smtp-service.json, requires latest leap_clielijah
2013-04-30added soledad-service.jsonelijah
2013-04-24provider base - service definitions are now versioned (requires new leap_cli)elijah
2013-04-18provider.json 'domain' entry should match the domain suffix of the node.elijah
2013-03-17added support for "limited" service levels (although vpn is not yet actually ↵elijah
rate limited).
2013-03-16the development tag now specifies an alternative provider domain. this ↵elijah
requires that we use domain.full_suffix instead of provider.domain, whenever possible.
2013-02-27openvpn -- added support for optional "free" rate-limited service via ↵elijah
special client certificates with the FREE prefix in the common name.
2013-01-13added ability to customize the webapp appearanceelijah
2012-12-19webapp api now uses a customizable port (so that we don't try to rely on SNI ↵elijah
for hosting two TLS domains on one IP).
2012-11-23fix bugs in eip-service.json templateelijah
2012-11-17added missing fingerprint of ca cert to provider definitionelijah
2012-11-15added eip-service.jsonelijah
2012-11-14added provider_base (latest leap_cli required)elijah