summaryrefslogtreecommitdiff
path: root/provider_base/services
AgeCommit message (Collapse)Author
2017-06-28static - gracefully handle incorrect static site configselijah
2017-05-30static - support for renewing certs with let's encrypt for static siteselijah
2017-05-10Nickserver direct access to couchdb on same nodevarac
Depending whether couchdb is running on the same node as nickserver, couchdb is available on localhost: - When couchdb is running on a different node: Via stunnel, which is bound to 4000. - When couchdb is running on the same node: On port 5984 Resolves: #8793
2017-04-27Merge remote-tracking branch 'origin/merge-requests/77'varac
2017-04-25Add single-hop hidden service capability.Micah Anderson
This cuts the number of hops for a tor onion service from 6 to 3, speeding it up considerably. This removes the anonymity aspect of the service, so it must be enabled intentionally, knowing that the server's location no longer is hidden.
2017-03-22webapp: add secret_key_base to configAzul
This replaces the secret_token from rails 4.1 on. Both are used for securing cookies in the browser. The secret_key_base will also encrypt the cookies while the token will only sign them. Keeping the token in there for now allows us to migrate existing sessions / cookies to the new secrets. We can remove it in the next version once all providers have run with secret_key_base for a while.
2017-03-15Direct connection when couch runs locallyvarac
2017-03-15[8144] Remove Haproxyvarac
We used haproxy because we had multiple bigcouch nodes but now with a single couchdb node this is not needed anymore. - Resolves: #8144
2016-12-22bugfix: don't block commercial certs for mx serverselijah
2016-12-19bugfix: mx service does not require a commercial certificateelijah
2016-10-20[bug] properly set 'enrollment_policy' in provider.jsonelijah
2016-10-04[bug] fix Tor hidden service key generationelijah
2016-04-08tests: include _api_tester partial for couchdb nodes.elijah
2016-04-08partials - add support for leap_cli's inheritable service partials (requires ↵elijah
latest develop branch leap_cli)
2016-04-08minor: remove _api_tester.json from soledad test.elijah
2016-04-05testing: adds mx delivery testselijah
2016-02-26plain couchdb now required, bigcouch support disabled.elijah
2016-02-23allow legacy plain couchdb nodes to stay couchdb nodes, although issue a ↵elijah
warning.
2016-02-23added templates for `leap node add`, so that new nodes can get default ↵elijah
values set in their initial .json file.
2016-02-23default to plain couchdb, unless otherwise specified.elijah
# Conflicts: # puppet/modules/site_couchdb/manifests/plain.pp
2016-02-23get dkim working, closes #5924elijah
2016-02-10resolves #7646: leap_cli should fail when soledad and couchdb service are ↵elijah
seperated
2015-10-27[bug] Add leap_mx username to soledad.confvarac
- Tested: [unstable.pixelated-project.org] - Related: https://github.com/pixelated/pixelated-platform/issues/127
2015-10-13add clamav filtering, with sanesecurity signature updating and provider ↵Micah
whitelisting (#3625) Change-Id: I15985ca00ee95bc62855f098a78e364ebbc32616
2015-10-06[feat] Remove tapicero from more placesvarac
Remove from: - platform white-box tests (couchdb user ACLs, tapicero daemon test) - provider_base/ dir that handles the compilation of the hiera config file - Resolves: #7501
2015-09-24added firewall information to nodes (needed for `leap compile firewall`)elijah
2015-09-09ensure that the webapp has the service levels config it requires.elijah
2015-09-03service definition .json files should not refer to properties inherited from ↵elijah
common.json. closes #7423
2015-08-31mx: added mx.key_lookup_domain propertyelijah
2015-08-19allow ca_cert_uri to be configuredelijah
2015-08-03webapp: add support for customizing localeselijah
2015-07-28Support RBL blocking of incoming mail (#5923)Micah Anderson
Set zen.spamhaus as the default rbl Change-Id: Ic3537d645c80ba42267bab370a1cf77730382158
2015-04-30added a bunch more forbidden usernames0.7.0rc1elijah
2015-04-21block username 'vmail'elijah
2015-03-30added support for rotating couchdb databases.elijah
2015-03-19don't set a lower --fragment by default yet (not compatible with android client)elijah
2015-03-05change default MTU to 1400 (#6745)Micah Anderson
Change-Id: Ia4b93776c6ae316b47f6e0b8e2763aa6fa9cab92
2015-02-04consolidate sources into common.jsonelijah
2014-12-10https://leap.se/code/issues/6477#note-11varac
Change-Id: I3094be3ef60108f4f2cad5239b0b2f288b39620d
2014-12-09add 'local' contactgroup to local environmet monitoring nodevarac
Change-Id: I1618a8c7f2f7c905b354dbe363fc91b690725479
2014-12-02Change nagios mail To: Header to contain the actual platform environment's ↵Micah Anderson
contact email (Bug #6466) Change-Id: Ib86ae771e0ac3b6f329a517a8a31c9ec54d33a05
2014-11-24bind webapp to version/0.6 branchelijah
2014-11-10change default openvpn fragment size back to 1500 so we don't break backward ↵elijah
compatibility with older clients
2014-11-10openvpn - support customizing --fragment, and set default to 1400elijah
2014-11-04tor - to activate hidden service, now set tor.hidden_service.active = trueelijah
2014-10-31add support for property tor.keyelijah
2014-10-29added webapp.forbidden_usernames property to allow configuration of ↵elijah
usernames to block.
2014-10-08every environment is defined as nagios hostsgroup (#5216)varac
Change-Id: I6508ce0d06b37a1c5601a0e981a59f7fda47f76a
2014-09-23couch: for neighbors, use 'couch.mode' instead of 'couch.master' (which ↵elijah
might be false even for multimaster). closes #6064
2014-08-26default to multimaster if no nodes are defined as masterelijah