summaryrefslogtreecommitdiff
path: root/provider_base/services
AgeCommit message (Collapse)Author
2017-10-05Feat: Refactor tor servicesMicah Anderson
In order to refactor the tor services, we need to split them out into three different services. This adds the hidden service class that is necessary to support the previous commits. Fixes #8864.
2017-10-05Feat: split tor service into threeelijah
The 'tor' service is now three separate services, 'tor_exit', 'tor_relay', or 'hidden_service'.
2017-06-28static - gracefully handle incorrect static site configselijah
2017-05-30static - support for renewing certs with let's encrypt for static siteselijah
2017-05-10Nickserver direct access to couchdb on same nodevarac
Depending whether couchdb is running on the same node as nickserver, couchdb is available on localhost: - When couchdb is running on a different node: Via stunnel, which is bound to 4000. - When couchdb is running on the same node: On port 5984 Resolves: #8793
2017-04-27Merge remote-tracking branch 'origin/merge-requests/77'varac
2017-04-25Add single-hop hidden service capability.Micah Anderson
This cuts the number of hops for a tor onion service from 6 to 3, speeding it up considerably. This removes the anonymity aspect of the service, so it must be enabled intentionally, knowing that the server's location no longer is hidden.
2017-03-22webapp: add secret_key_base to configAzul
This replaces the secret_token from rails 4.1 on. Both are used for securing cookies in the browser. The secret_key_base will also encrypt the cookies while the token will only sign them. Keeping the token in there for now allows us to migrate existing sessions / cookies to the new secrets. We can remove it in the next version once all providers have run with secret_key_base for a while.
2017-03-15Direct connection when couch runs locallyvarac
2017-03-15[8144] Remove Haproxyvarac
We used haproxy because we had multiple bigcouch nodes but now with a single couchdb node this is not needed anymore. - Resolves: #8144
2016-12-22bugfix: don't block commercial certs for mx serverselijah
2016-12-19bugfix: mx service does not require a commercial certificateelijah
2016-10-20[bug] properly set 'enrollment_policy' in provider.jsonelijah
2016-10-04[bug] fix Tor hidden service key generationelijah
2016-04-08tests: include _api_tester partial for couchdb nodes.elijah
2016-04-08partials - add support for leap_cli's inheritable service partials (requires ↵elijah
latest develop branch leap_cli)
2016-04-08minor: remove _api_tester.json from soledad test.elijah
2016-04-05testing: adds mx delivery testselijah
2016-02-26plain couchdb now required, bigcouch support disabled.elijah
2016-02-23allow legacy plain couchdb nodes to stay couchdb nodes, although issue a ↵elijah
warning.
2016-02-23added templates for `leap node add`, so that new nodes can get default ↵elijah
values set in their initial .json file.
2016-02-23default to plain couchdb, unless otherwise specified.elijah
# Conflicts: # puppet/modules/site_couchdb/manifests/plain.pp
2016-02-23get dkim working, closes #5924elijah
2016-02-10resolves #7646: leap_cli should fail when soledad and couchdb service are ↵elijah
seperated
2015-10-27[bug] Add leap_mx username to soledad.confvarac
- Tested: [unstable.pixelated-project.org] - Related: https://github.com/pixelated/pixelated-platform/issues/127
2015-10-13add clamav filtering, with sanesecurity signature updating and provider ↵Micah
whitelisting (#3625) Change-Id: I15985ca00ee95bc62855f098a78e364ebbc32616
2015-10-06[feat] Remove tapicero from more placesvarac
Remove from: - platform white-box tests (couchdb user ACLs, tapicero daemon test) - provider_base/ dir that handles the compilation of the hiera config file - Resolves: #7501
2015-09-24added firewall information to nodes (needed for `leap compile firewall`)elijah
2015-09-09ensure that the webapp has the service levels config it requires.elijah
2015-09-03service definition .json files should not refer to properties inherited from ↵elijah
common.json. closes #7423
2015-08-31mx: added mx.key_lookup_domain propertyelijah
2015-08-19allow ca_cert_uri to be configuredelijah
2015-08-03webapp: add support for customizing localeselijah
2015-07-28Support RBL blocking of incoming mail (#5923)Micah Anderson
Set zen.spamhaus as the default rbl Change-Id: Ic3537d645c80ba42267bab370a1cf77730382158
2015-04-30added a bunch more forbidden usernames0.7.0rc1elijah
2015-04-21block username 'vmail'elijah
2015-03-30added support for rotating couchdb databases.elijah
2015-03-19don't set a lower --fragment by default yet (not compatible with android client)elijah
2015-03-05change default MTU to 1400 (#6745)Micah Anderson
Change-Id: Ia4b93776c6ae316b47f6e0b8e2763aa6fa9cab92
2015-02-04consolidate sources into common.jsonelijah
2014-12-10https://leap.se/code/issues/6477#note-11varac
Change-Id: I3094be3ef60108f4f2cad5239b0b2f288b39620d
2014-12-09add 'local' contactgroup to local environmet monitoring nodevarac
Change-Id: I1618a8c7f2f7c905b354dbe363fc91b690725479
2014-12-02Change nagios mail To: Header to contain the actual platform environment's ↵Micah Anderson
contact email (Bug #6466) Change-Id: Ib86ae771e0ac3b6f329a517a8a31c9ec54d33a05
2014-11-24bind webapp to version/0.6 branchelijah
2014-11-10change default openvpn fragment size back to 1500 so we don't break backward ↵elijah
compatibility with older clients
2014-11-10openvpn - support customizing --fragment, and set default to 1400elijah
2014-11-04tor - to activate hidden service, now set tor.hidden_service.active = trueelijah
2014-10-31add support for property tor.keyelijah
2014-10-29added webapp.forbidden_usernames property to allow configuration of ↵elijah
usernames to block.
2014-10-08every environment is defined as nagios hostsgroup (#5216)varac
Change-Id: I6508ce0d06b37a1c5601a0e981a59f7fda47f76a