Age | Commit message (Collapse) | Author | |
---|---|---|---|
2014-10-31 | add support for property tor.key | elijah | |
2014-10-29 | added webapp.forbidden_usernames property to allow configuration of ↵ | elijah | |
usernames to block. | |||
2014-10-21 | update platform to take advantage of new platform.rb. requires leap_cli 1.6 | elijah | |
2014-10-20 | bumped default server certificate bit size to 4096 | elijah | |
2014-10-08 | every environment is defined as nagios hostsgroup (#5216) | varac | |
Change-Id: I6508ce0d06b37a1c5601a0e981a59f7fda47f76a | |||
2014-09-23 | couch: for neighbors, use 'couch.mode' instead of 'couch.master' (which ↵ | elijah | |
might be false even for multimaster). closes #6064 | |||
2014-08-26 | default to multimaster if no nodes are defined as master | elijah | |
2014-07-29 | fix haproxy_servers call with couchdb default port | Azul | |
2014-07-29 | Merge remote-tracking branch 'fbernitt/issue_5217_allow_registration' into ↵ | Azul | |
develop | |||
2014-07-16 | haproxy connects to a local couch if available | Azul | |
When running a service that requires couch (webapp or mx) on a node that also had couch running the haproxy was confused because it did not have an stunnel port for the local couch. Emit a more useful error and fixed this for webapp and mx | |||
2014-07-11 | Added allow_registration to webapp config.yml. | Folker Bernitt | |
- See issue #5217 - See companion change in leap_web | |||
2014-07-01 | Use new macro pick_node to pick vpn gateway for obfsproxy.json | irregulator | |
2014-07-01 | A vpn node picks its openvpn.gateway as obfsproxy gateway address | irregulator | |
2014-07-01 | Attach node's name to scramblesuit password and port secrets | irregulator | |
This makes every node with obfsproxy service have unique port and password for scramblesuit pluggable transport. | |||
2014-07-01 | Include obfsproxy descriptors in openvpn.json | irregulator | |
This is needed so as obfsproxy service is automatically deployed along with eip service. | |||
2014-07-01 | Use the try method to pick vpn gateway address in obfsproxy.json | irregulator | |
2014-07-01 | Pick gateway address either from self or another openvpn node | irregulator | |
2014-07-01 | Reflect change in leap_cli, use rand_range macro | irregulator | |
2014-07-01 | Initial commit for obfsproxy server feature in platform | irregulator | |
2014-06-27 | added error() macro. | elijah | |
2014-06-26 | make try{} macro also catch ArgumentErrors | elijah | |
2014-06-25 | hand replication credentials to tapicero | Azul | |
2014-06-25 | haproxy: support read only couchdb mirrors | elijah | |
2014-06-25 | fix stunnel entries in mx.json and webapp.json | elijah | |
2014-06-25 | moved json macros to provider_base/lib/macros. requires new unreleased leap_cli | elijah | |
2014-06-25 | add replication user | Azul | |
2014-06-25 | tmp comment out error if no master nodes defined | elijah | |
2014-06-25 | new generic system for stunnel: just `include site_stunnel` and stunnel + ↵ | elijah | |
needed shorewall will be automatically set up. requires new leap_cli | |||
2014-06-25 | couchdb: generate hiera files suitable for plain couchdb + read-only mirrors | elijah | |
2014-06-25 | fix commercial cert usage with mx and monitor nodes. | elijah | |
2014-06-25 | more friendly error message in `leap compile` when commercial certificate is ↵ | elijah | |
missing. | |||
2014-06-17 | allow webapp.json to configure what engines are enabled | elijah | |
2014-06-02 | static site: gracefully handle static sites that are not configured. | elijah | |
2014-06-02 | static site: added rack support, added custom apache config | elijah | |
2014-06-02 | added support for /provider.json served from static site. | elijah | |
2014-05-20 | add support for webapp on subdomain | elijah | |
2014-05-20 | changed the default service levels to be more minimal, because it is ↵ | elijah | |
currently impossible to entirely overwrite the service.levels hash. | |||
2014-05-17 | fix bug with empty tor families | elijah | |
2014-05-14 | use hash for provider service levels | Azul | |
We want to access service levels by means of the id stored in the user record. With a hash we don't have to loop through all elements to find the one with a given id and still can use arbitrary strings and do not rely on the order of the array. Also it's the format the webapp is expecting right now. | |||
2014-05-13 | Revert "update cipher configuration for openvpn to use the IANA name" | Micah Anderson | |
This reverts commit ae50675e9095750cee9810237fb6b9f60030dae4. Older openssl implementations (wheezy, android, others) aren't able to parse this newer string, so reverting to the deprecated name until we are sure the support is there | |||
2014-05-06 | update cipher configuration for openvpn to use the IANA name, due to | Micah Anderson | |
deprecation warning: 2014-05-06 18:10:23,594 - INFO - L#826 : leap.openvpn:outReceived() - Tue May 6 18:10:23 2014 Deprecated TLS cipher name 'DHE-RSA-AES128-SHA', please use IANA name 'TLS-DHE-RSA-WITH-AES-128-CBC-SHA' Change-Id: I159b26604993d38806fcb7c2ed8f6de8138999f7 | |||
2014-05-06 | add the tun-ipv6 configuration to the eip-service (#4163) | Micah Anderson | |
Change-Id: I4781f0c3e1c74f5a45217a4d631603fa1a622fd6 | |||
2014-04-24 | bring service_levels into webapp config - #5527 | Azul | |
including the default_service_level | |||
2014-04-24 | tor: provide a default 'nickname' (something like | Micah Anderson | |
"rabbitLKJYW23695JGLKJ" where rabbit is the node name). Stop shipping a static 'family' and instead provide a comma separated list of node tor nicknames. (#5220) Change-Id: I479f460ab230ad440f72c78dc6362983387ce12a | |||
2014-04-08 | minor: allow manual override of 'services' in provider.json | elijah | |
2014-04-05 | revert openvpn tls-cipher: closes https://leap.se/code/issues/5429 | elijah | |
2014-04-05 | openvpn: allow for configurable keepalive (aka ping & ping-restart) closes ↵ | elijah | |
https://leap.se/code/issues/4127 | |||
2014-04-04 | Merge branch '0.5' into develop | Micah Anderson | |
Conflicts: provider_base/services/tor.json Change-Id: I826579945a0d93c43384f0fd12c9833762b084cf | |||
2014-04-02 | Merge pull request #20 from elijh/feature/openvpn-config | varac | |
allow ability to customize openvpn security options | |||
2014-04-01 | Fix for Openstack/Amazon special case needing to allow ec2_public_ipv4 | Micah Anderson | |
in mynetworks (#5427) Change-Id: Iee954f8cacd852f8c7c598c68a8793a3523c0132 |