leap_platform.git - [leap

Age	Commit message (Collapse)	Author
2016-05-03	migrate from obsolete SSLCertificateChainFile apache option (#8055)	kwadronaut

2016-05-03	migrate from obsolete SSLCertificateChainFile apache option (#8055)	Micah
	Change-Id: I20a28ae77c98071aefc1933e0ea73e5f3b895acb
2016-03-11	fix tor-related jessie deprecation problems (#7962)	Micah
	Change-Id: If493b8a1f06a786df36a28aa1fc592e270eba639
2015-12-12	[bug] Use guess_apache_version in apache templates	varac
	The apache_version() fact only works if apache is already installed. So we use the guess_apache_version() function from the apache module to determine which apache version is to be installed. - Resolves: #7681
2015-11-17	[deprec] use @ in front of erb template tags	varac
	Puppet 3 shows now deprecation warnings if the "@" is missing. see https://docs.puppetlabs.com/puppet/latest/reference/lang_template_erb.html#non-printing-tags#[bug\|feat\|docs\|style\|refactor\|test\|pkg\|i18n]
2015-11-17	[bug] [jessie] Allow apache to access webapp dir	varac
	- Resolves: #7580
2015-11-17	[feat] Query erb variables like puppet 3 needs it	varac
	- Related: #6920
2015-10-20	Provide tor hidden service configuration for static sites (#7546)	Micah
	Without this configuration, a very basic, and non-functional virtualhost is created, making the hidden service not work Change-Id: Ibe87c6acf5c21cff2388247c4ba320a5b6af7933
2015-10-19	Redirect to webapp_domain instead of domain	guido
	This is needed for webapp when running on a subdomain.
2015-04-08	Disable passenger when pnp4nagios is being fetched, this is part of	Micah Anderson
	Change-Id: I21e9af3ef76f19924e58df5b40f4097d42fbf1cd
2015-03-30	Adds apache support for webapp.domain if defined on :80, completes fix for #6632	guido

2015-01-12	Adds apache support for webapp.domain if defined. Fixes #6632	guido
	Change-Id: If63aac60e44c4a68f030f93e20e8dc071f9df610
2014-12-22	Adds a ssl_common.inc file to use inside vhosts for the SSL config (solves ↵	guido
	#5103) Change-Id: I717bf7ca2c5679165a99370c4540f8b8dc1a48ea
2014-11-04	Adds support for Tor hidden service on webapp (Feature #6273)	guido
	Change-Id: I56250e05e3a933deacd0b6e02192e712d3fd9fd5
2014-10-15	Disable SSLv3, and RC4 ciphers	Micah Anderson
	Change-Id: I7214aa4334e3d817dd1b6d8dce43523e3d955b5d
2014-09-25	stop logging user-agent in apache, fixes #6129	Micah Anderson
	Change-Id: I66384ae4a723be063790362f70e57228a0f1539b
2014-04-02	Update TLS apache vhost TLS configuration (#5137):	Micah Anderson
	. We want to allow for TLS1.2 to be enabled (supported in wheezy) . Explicitly disable SSLCompression. This aids in protecting against the BREACH attack: see http://breachattack.com), and SPDY version 3 is vulnerable to the CRIME attack when compression is on . Switch the cipher suites to match https://wiki.mozilla.org/Security/Server_Side_TLS#Apache for these reasons: . Prefer PFS, with ECDHE first then DHE (TLS 1.2, not many implementations support this, and there are no known attacks). . Prefer AES128 to AES256 because the key schedule in AES256 is considered weaker, and maybe AES128 is more resistant to timing attacks . Prefer AES to RC4. BEAST attacks on AES are mitigated in >=TLS1.1, and difficult in TLS1.0. They are not in RC4, and likely to become more dangerous . RC4 is on the path to removal, but still present for backward compatibility Change-Id: I99a7f0ebf2ac438f075835d1cb38f63080321043
2014-02-10	move leap_webapp.conf template to common.conf which is included by the ↵	varac
	nagios and webapp node (#5096)
2013-11-22	improvements to webapp deployment: allow for greater customization, allow ↵	elijah
	for custom git source, improve apache config.
2013-10-18	"Header set X-Frame-Options: Allow" only for nagios (Bug #4169)	varac
	Nagios won't work with setting this option to "DENY", as set in conf.d/security (#4169). Therefor we allow it here, only for nagios.
2013-09-24	Webapp doesn't serve commercial cert (Bug #3916)	varac

2013-09-24	move commercial x509 deployment to site_x509 (Feature #3889)	varac

2013-09-22	Merge branch 'api-crt-3384' into develop fixes #3384	kwadronaut

2013-09-22	adding fqdn as default servername and moving service.domain to ServerAlias ↵	kwadronaut
	(fixing #3384) node name and dns fqdn could be different Also note that on local deploys that warning from #3384 will continue to exist (because of dns)
2013-09-20	fix whitespace issues from https://review.leap.se/r/82	varac

2013-09-19	tidy webapp api x509 definitions (#3840)	varac

2013-08-22	add HSTS if hiera value for webapp['secure'] is set (#3514)	Micah Anderson
	Change-Id: Idd413349ec0b99835a1cbb4fb4c4fcef1a8fdeab
2013-08-21	Disable verbose, identifying apache headers (#3462):	Micah Anderson
	. Disable ServerSignature . Set ServerTokens Prod . unset the X-Powered-By and X-Runtime apache headers Change-Id: Iddb2cb9a0465bc7f657581adaacbbf748479fd7a
2013-06-25	fix for #2986 - the services variable is no longer an array	Micah Anderson
	Change-Id: Ia6fc60c0c1fdfa50e1d6d981699c1d8010df63fc
2013-05-22	change paths for leap webapp to be under /srv/leap/webapp from /srv/leap-webapp	Micah Anderson

2013-04-18	webapp: removed "Alias /1" from apache config	elijah

2013-01-31	install an apache Directory override block to disable passenger for nagios, ↵	Micah Anderson
	if the node is a monitor node
2012-12-19	webapp api now uses a customizable port (so that we don't try to rely on SNI ↵	elijah
	for hosting two TLS domains on one IP).
2012-12-11	replace Documentroot path from - to _	Micah Anderson

2012-11-27	fix location of SSLCertificateChainFile location	Micah Anderson

2012-11-27	map /1 -> document root	Micah Anderson

2012-11-27	add site_webapp class to install the certs/keys/CAs and virtual host ↵	Micah Anderson
	configurations