Age | Commit message (Collapse) | Author | |
---|---|---|---|
2017-07-27 | Bug: allow old client to connect to VPN | Micah Anderson | |
The old client is compatible, just the version check did not allow it. People are still relying on the old client for a while, and this prevents people from upgrading. This fixes #8850. | |||
2017-07-18 | by default, new providers will now require invites. requires leap_cli ↵ | elijah | |
4173154a177b00c11a36b3168b1ce12af59f04af or later (>1.9.2). resolves #8474. create new invites with `leap run invite` | |||
2017-06-28 | static - gracefully handle incorrect static site configs | elijah | |
2017-06-21 | Use apt master component for LEAP packages | Varac | |
Currently, the platform configures the `snapshots` component in /etc/apt/sources.list.d/leap.list. `snapshots` contains packages uploaded by feature branches and merge requests so we change to `master` (which contains packges built from changes to the master branches. Resolves: #8828 | |||
2017-05-30 | static - support for renewing certs with let's encrypt for static sites | elijah | |
2017-05-10 | Nickserver direct access to couchdb on same node | varac | |
Depending whether couchdb is running on the same node as nickserver, couchdb is available on localhost: - When couchdb is running on a different node: Via stunnel, which is bound to 4000. - When couchdb is running on the same node: On port 5984 Resolves: #8793 | |||
2017-04-27 | Merge remote-tracking branch 'origin/merge-requests/77' | varac | |
2017-04-25 | Add single-hop hidden service capability. | Micah Anderson | |
This cuts the number of hops for a tor onion service from 6 to 3, speeding it up considerably. This removes the anonymity aspect of the service, so it must be enabled intentionally, knowing that the server's location no longer is hidden. | |||
2017-03-22 | webapp: add secret_key_base to config | Azul | |
This replaces the secret_token from rails 4.1 on. Both are used for securing cookies in the browser. The secret_key_base will also encrypt the cookies while the token will only sign them. Keeping the token in there for now allows us to migrate existing sessions / cookies to the new secrets. We can remove it in the next version once all providers have run with secret_key_base for a while. | |||
2017-03-16 | Use http://deb.leap.se/platform jessie snapshots for platform CI | varac | |
2017-03-16 | Make platform apt dist/component configurable | varac | |
2017-03-16 | Try new packages from exerimental-gitbuildpackage | varac | |
2017-03-15 | Direct connection when couch runs locally | varac | |
2017-03-15 | [8144] Remove Haproxy | varac | |
We used haproxy because we had multiple bigcouch nodes but now with a single couchdb node this is not needed anymore. - Resolves: #8144 | |||
2017-01-03 | Revert "Use experimental-0.9 instead of experimental-platform" | varac | |
This reverts commit 44cae3cf731d29fd1e882cf35526fb0e098914d2. | |||
2016-12-23 | Use experimental-0.9 instead of experimental-platform | varac | |
experimental-platform is still WIP, see https://leap.se/code/issues/8437#note-8 for more details | |||
2016-12-22 | bugfix: don't block commercial certs for mx servers | elijah | |
2016-12-22 | COMPATIBILITY CHANGE: set platform version to 0.10 & require client 0.9.4 or ↵ | elijah | |
later | |||
2016-12-19 | bugfix: mx service does not require a commercial certificate | elijah | |
2016-12-08 | Use webapp/nickserver:master on leap_platform:master (#8678) | varac | |
2016-11-10 | Use webapp 0.9develop | varac | |
2016-10-20 | [bug] properly set 'enrollment_policy' in provider.json | elijah | |
2016-10-20 | upgrade: nickserver version 0.9.x | Azul | |
2016-10-04 | [bug] fix Tor hidden service key generation | elijah | |
2016-09-01 | added support for Let's Encrypt | elijah | |
2016-08-23 | added 'leap vm' command | elijah | |
2016-08-04 | switch to deb.d.o from httpredir.d.o (#8288). | Micah | |
The deb.debian.org method may be a better one than httpredir: . deb.debian.org is maintained much more reliably than httpredir . httpredir is backed by the mirror network; deb.d.o is by a CDN . httpredir redirects to the mirror network. deb.d.o is a cache that sits in front of ftp.d.o (and security, and debug, and ports) . one potential disadvantage: deb.d.o's CDN is a commercial service (fastly) that donates its traffic to debian . in stretch and later, apt uses the SRV records of deb.d.o to find places instead of HTTP redirects . local peering arrangements of fastly are likely to result in mirror choices that are more local (and thus faster) to the machine Peering arrangements for the deb.d.o CDN can be seen here: https://www.peeringdb.com/asn/54113 Change-Id: I4dee089a3b2f674860bfff21eb25a6e37c491d32 | |||
2016-04-10 | pin nickserver source to origin/version/0.8 | elijah | |
2016-04-08 | tests: include _api_tester partial for couchdb nodes. | elijah | |
2016-04-08 | partials - add support for leap_cli's inheritable service partials (requires ↵ | elijah | |
latest develop branch leap_cli) | |||
2016-04-08 | minor: remove _api_tester.json from soledad test. | elijah | |
2016-04-05 | testing: adds mx delivery tests | elijah | |
2016-02-26 | plain couchdb now required, bigcouch support disabled. | elijah | |
2016-02-23 | allow legacy plain couchdb nodes to stay couchdb nodes, although issue a ↵ | elijah | |
warning. | |||
2016-02-23 | added templates for `leap node add`, so that new nodes can get default ↵ | elijah | |
values set in their initial .json file. | |||
2016-02-23 | default to plain couchdb, unless otherwise specified. | elijah | |
# Conflicts: # puppet/modules/site_couchdb/manifests/plain.pp | |||
2016-02-23 | get dkim working, closes #5924 | elijah | |
2016-02-10 | resolves #7646: leap_cli should fail when soledad and couchdb service are ↵ | elijah | |
seperated | |||
2016-01-26 | pin webapp to 0.8 | elijah | |
2015-12-10 | [bug] Configure default sources.platform.apt.basic | varac | |
Providing a custom sources.platform.apt.basic value worked with the last commit, but without that the platform would fail. So we provide a default value now in provider_base/common.json, which can get overridden. | |||
2015-10-27 | [bug] Add leap_mx username to soledad.conf | varac | |
- Tested: [unstable.pixelated-project.org] - Related: https://github.com/pixelated/pixelated-platform/issues/127 | |||
2015-10-13 | add clamav filtering, with sanesecurity signature updating and provider ↵ | Micah | |
whitelisting (#3625) Change-Id: I15985ca00ee95bc62855f098a78e364ebbc32616 | |||
2015-10-06 | [feat] Remove tapicero from more places | varac | |
Remove from: - platform white-box tests (couchdb user ACLs, tapicero daemon test) - provider_base/ dir that handles the compilation of the hiera config file - Resolves: #7501 | |||
2015-09-24 | added firewall information to nodes (needed for `leap compile firewall`) | elijah | |
2015-09-10 | sshd: let nodes change default AllowTcpForwarding | elijah | |
2015-09-09 | ensure that the webapp has the service levels config it requires. | elijah | |
2015-09-09 | updates to zone compile and tags/development.json to be compatible with the ↵ | elijah | |
definition of 'domain' in provider.env.json. | |||
2015-09-03 | service definition .json files should not refer to properties inherited from ↵ | elijah | |
common.json. closes #7423 | |||
2015-08-31 | mx: added mx.key_lookup_domain property | elijah | |
2015-08-19 | allow ca_cert_uri to be configured | elijah | |