summaryrefslogtreecommitdiff
path: root/provider_base/services
AgeCommit message (Collapse)Author
2015-02-04consolidate sources into common.jsonelijah
2014-12-10https://leap.se/code/issues/6477#note-11varac
Change-Id: I3094be3ef60108f4f2cad5239b0b2f288b39620d
2014-12-09add 'local' contactgroup to local environmet monitoring nodevarac
Change-Id: I1618a8c7f2f7c905b354dbe363fc91b690725479
2014-12-02Change nagios mail To: Header to contain the actual platform environment's ↵Micah Anderson
contact email (Bug #6466) Change-Id: Ib86ae771e0ac3b6f329a517a8a31c9ec54d33a05
2014-11-24bind webapp to version/0.6 branchelijah
2014-11-10change default openvpn fragment size back to 1500 so we don't break backward ↵elijah
compatibility with older clients
2014-11-10openvpn - support customizing --fragment, and set default to 1400elijah
2014-11-04tor - to activate hidden service, now set tor.hidden_service.active = trueelijah
2014-10-31add support for property tor.keyelijah
2014-10-29added webapp.forbidden_usernames property to allow configuration of ↵elijah
usernames to block.
2014-10-08every environment is defined as nagios hostsgroup (#5216)varac
Change-Id: I6508ce0d06b37a1c5601a0e981a59f7fda47f76a
2014-09-23couch: for neighbors, use 'couch.mode' instead of 'couch.master' (which ↵elijah
might be false even for multimaster). closes #6064
2014-08-26default to multimaster if no nodes are defined as masterelijah
2014-07-29fix haproxy_servers call with couchdb default portAzul
2014-07-29Merge remote-tracking branch 'fbernitt/issue_5217_allow_registration' into ↵Azul
develop
2014-07-16haproxy connects to a local couch if availableAzul
When running a service that requires couch (webapp or mx) on a node that also had couch running the haproxy was confused because it did not have an stunnel port for the local couch. Emit a more useful error and fixed this for webapp and mx
2014-07-11Added allow_registration to webapp config.yml.Folker Bernitt
- See issue #5217 - See companion change in leap_web
2014-07-01Use new macro pick_node to pick vpn gateway for obfsproxy.jsonirregulator
2014-07-01A vpn node picks its openvpn.gateway as obfsproxy gateway addressirregulator
2014-07-01Attach node's name to scramblesuit password and port secretsirregulator
This makes every node with obfsproxy service have unique port and password for scramblesuit pluggable transport.
2014-07-01Include obfsproxy descriptors in openvpn.jsonirregulator
This is needed so as obfsproxy service is automatically deployed along with eip service.
2014-07-01Use the try method to pick vpn gateway address in obfsproxy.jsonirregulator
2014-07-01Pick gateway address either from self or another openvpn nodeirregulator
2014-07-01Reflect change in leap_cli, use rand_range macroirregulator
2014-07-01Initial commit for obfsproxy server feature in platformirregulator
2014-06-27added error() macro.elijah
2014-06-25hand replication credentials to tapiceroAzul
2014-06-25fix stunnel entries in mx.json and webapp.jsonelijah
2014-06-25add replication userAzul
2014-06-25tmp comment out error if no master nodes definedelijah
2014-06-25new generic system for stunnel: just `include site_stunnel` and stunnel + ↵elijah
needed shorewall will be automatically set up. requires new leap_cli
2014-06-25couchdb: generate hiera files suitable for plain couchdb + read-only mirrorselijah
2014-06-25more friendly error message in `leap compile` when commercial certificate is ↵elijah
missing.
2014-06-17allow webapp.json to configure what engines are enabledelijah
2014-06-02static site: gracefully handle static sites that are not configured.elijah
2014-06-02static site: added rack support, added custom apache configelijah
2014-06-02added support for /provider.json served from static site.elijah
2014-05-20add support for webapp on subdomainelijah
2014-05-17fix bug with empty tor familieselijah
2014-05-13Revert "update cipher configuration for openvpn to use the IANA name"Micah Anderson
This reverts commit ae50675e9095750cee9810237fb6b9f60030dae4. Older openssl implementations (wheezy, android, others) aren't able to parse this newer string, so reverting to the deprecated name until we are sure the support is there
2014-05-06update cipher configuration for openvpn to use the IANA name, due toMicah Anderson
deprecation warning: 2014-05-06 18:10:23,594 - INFO - L#826 : leap.openvpn:outReceived() - Tue May 6 18:10:23 2014 Deprecated TLS cipher name 'DHE-RSA-AES128-SHA', please use IANA name 'TLS-DHE-RSA-WITH-AES-128-CBC-SHA' Change-Id: I159b26604993d38806fcb7c2ed8f6de8138999f7
2014-05-06add the tun-ipv6 configuration to the eip-service (#4163)Micah Anderson
Change-Id: I4781f0c3e1c74f5a45217a4d631603fa1a622fd6
2014-04-24bring service_levels into webapp config - #5527Azul
including the default_service_level
2014-04-24tor: provide a default 'nickname' (something likeMicah Anderson
"rabbitLKJYW23695JGLKJ" where rabbit is the node name). Stop shipping a static 'family' and instead provide a comma separated list of node tor nicknames. (#5220) Change-Id: I479f460ab230ad440f72c78dc6362983387ce12a
2014-04-05revert openvpn tls-cipher: closes https://leap.se/code/issues/5429elijah
2014-04-05openvpn: allow for configurable keepalive (aka ping & ping-restart) closes ↵elijah
https://leap.se/code/issues/4127
2014-04-04Merge branch '0.5' into developMicah Anderson
Conflicts: provider_base/services/tor.json Change-Id: I826579945a0d93c43384f0fd12c9833762b084cf
2014-04-02Merge pull request #20 from elijh/feature/openvpn-configvarac
allow ability to customize openvpn security options
2014-04-01Fix for Openstack/Amazon special case needing to allow ec2_public_ipv4Micah Anderson
in mynetworks (#5427) Change-Id: Iee954f8cacd852f8c7c598c68a8793a3523c0132
2014-04-01Include all the ips that are allowed to send mail through the relay inMicah Anderson
the mynetworks parameter. Previously we only allowed other mx servers to relay to each other, but this prevents system mail from non-mx nodes from getting out. Fixes "Helo command rejected: You are not in domain bitmask.net (in reply to RCPT TO command))" (#5343) Change-Id: I5e204958cb235808eedc3a1724fb2dc6c7a5b73b