summaryrefslogtreecommitdiff
path: root/provider_base
AgeCommit message (Collapse)Author
2014-11-10openvpn - support customizing --fragment, and set default to 1400elijah
2014-11-04tor - to activate hidden service, now set tor.hidden_service.active = trueelijah
2014-10-31add support for property tor.keyelijah
2014-10-29added webapp.forbidden_usernames property to allow configuration of ↵elijah
usernames to block.
2014-10-21update platform to take advantage of new platform.rb. requires leap_cli 1.6elijah
2014-10-20bumped default server certificate bit size to 4096elijah
2014-10-08every environment is defined as nagios hostsgroup (#5216)varac
Change-Id: I6508ce0d06b37a1c5601a0e981a59f7fda47f76a
2014-09-23couch: for neighbors, use 'couch.mode' instead of 'couch.master' (which ↵elijah
might be false even for multimaster). closes #6064
2014-08-26default to multimaster if no nodes are defined as masterelijah
2014-07-29fix haproxy_servers call with couchdb default portAzul
2014-07-29Merge remote-tracking branch 'fbernitt/issue_5217_allow_registration' into ↵Azul
develop
2014-07-16haproxy connects to a local couch if availableAzul
When running a service that requires couch (webapp or mx) on a node that also had couch running the haproxy was confused because it did not have an stunnel port for the local couch. Emit a more useful error and fixed this for webapp and mx
2014-07-11Added allow_registration to webapp config.yml.Folker Bernitt
- See issue #5217 - See companion change in leap_web
2014-07-01Use new macro pick_node to pick vpn gateway for obfsproxy.jsonirregulator
2014-07-01A vpn node picks its openvpn.gateway as obfsproxy gateway addressirregulator
2014-07-01Attach node's name to scramblesuit password and port secretsirregulator
This makes every node with obfsproxy service have unique port and password for scramblesuit pluggable transport.
2014-07-01Include obfsproxy descriptors in openvpn.jsonirregulator
This is needed so as obfsproxy service is automatically deployed along with eip service.
2014-07-01Use the try method to pick vpn gateway address in obfsproxy.jsonirregulator
2014-07-01Pick gateway address either from self or another openvpn nodeirregulator
2014-07-01Reflect change in leap_cli, use rand_range macroirregulator
2014-07-01Initial commit for obfsproxy server feature in platformirregulator
2014-06-27added error() macro.elijah
2014-06-26make try{} macro also catch ArgumentErrorselijah
2014-06-25hand replication credentials to tapiceroAzul
2014-06-25haproxy: support read only couchdb mirrorselijah
2014-06-25fix stunnel entries in mx.json and webapp.jsonelijah
2014-06-25moved json macros to provider_base/lib/macros. requires new unreleased leap_clielijah
2014-06-25add replication userAzul
2014-06-25tmp comment out error if no master nodes definedelijah
2014-06-25new generic system for stunnel: just `include site_stunnel` and stunnel + ↵elijah
needed shorewall will be automatically set up. requires new leap_cli
2014-06-25couchdb: generate hiera files suitable for plain couchdb + read-only mirrorselijah
2014-06-25fix commercial cert usage with mx and monitor nodes.elijah
2014-06-25more friendly error message in `leap compile` when commercial certificate is ↵elijah
missing.
2014-06-17allow webapp.json to configure what engines are enabledelijah
2014-06-02static site: gracefully handle static sites that are not configured.elijah
2014-06-02static site: added rack support, added custom apache configelijah
2014-06-02added support for /provider.json served from static site.elijah
2014-05-20add support for webapp on subdomainelijah
2014-05-20changed the default service levels to be more minimal, because it is ↵elijah
currently impossible to entirely overwrite the service.levels hash.
2014-05-17fix bug with empty tor familieselijah
2014-05-14use hash for provider service levelsAzul
We want to access service levels by means of the id stored in the user record. With a hash we don't have to loop through all elements to find the one with a given id and still can use arbitrary strings and do not rely on the order of the array. Also it's the format the webapp is expecting right now.
2014-05-13Revert "update cipher configuration for openvpn to use the IANA name"Micah Anderson
This reverts commit ae50675e9095750cee9810237fb6b9f60030dae4. Older openssl implementations (wheezy, android, others) aren't able to parse this newer string, so reverting to the deprecated name until we are sure the support is there
2014-05-06update cipher configuration for openvpn to use the IANA name, due toMicah Anderson
deprecation warning: 2014-05-06 18:10:23,594 - INFO - L#826 : leap.openvpn:outReceived() - Tue May 6 18:10:23 2014 Deprecated TLS cipher name 'DHE-RSA-AES128-SHA', please use IANA name 'TLS-DHE-RSA-WITH-AES-128-CBC-SHA' Change-Id: I159b26604993d38806fcb7c2ed8f6de8138999f7
2014-05-06add the tun-ipv6 configuration to the eip-service (#4163)Micah Anderson
Change-Id: I4781f0c3e1c74f5a45217a4d631603fa1a622fd6
2014-04-24bring service_levels into webapp config - #5527Azul
including the default_service_level
2014-04-24tor: provide a default 'nickname' (something likeMicah Anderson
"rabbitLKJYW23695JGLKJ" where rabbit is the node name). Stop shipping a static 'family' and instead provide a comma separated list of node tor nicknames. (#5220) Change-Id: I479f460ab230ad440f72c78dc6362983387ce12a
2014-04-08minor: allow manual override of 'services' in provider.jsonelijah
2014-04-05revert openvpn tls-cipher: closes https://leap.se/code/issues/5429elijah
2014-04-05openvpn: allow for configurable keepalive (aka ping & ping-restart) closes ↵elijah
https://leap.se/code/issues/4127
2014-04-04Merge branch '0.5' into developMicah Anderson
Conflicts: provider_base/services/tor.json Change-Id: I826579945a0d93c43384f0fd12c9833762b084cf