Age | Commit message (Collapse) | Author | |
---|---|---|---|
2014-10-15 | Disable SSLv3, and RC4 ciphers | Micah Anderson | |
Change-Id: I7214aa4334e3d817dd1b6d8dce43523e3d955b5d | |||
2014-04-02 | Update TLS apache vhost TLS configuration (#5137): | Micah Anderson | |
. We want to allow for TLS1.2 to be enabled (supported in wheezy) . Explicitly disable SSLCompression. This aids in protecting against the BREACH attack: see http://breachattack.com), and SPDY version 3 is vulnerable to the CRIME attack when compression is on . Switch the cipher suites to match https://wiki.mozilla.org/Security/Server_Side_TLS#Apache for these reasons: . Prefer PFS, with ECDHE first then DHE (TLS 1.2, not many implementations support this, and there are no known attacks). . Prefer AES128 to AES256 because the key schedule in AES256 is considered weaker, and maybe AES128 is more resistant to timing attacks . Prefer AES to RC4. BEAST attacks on AES are mitigated in >=TLS1.1, and difficult in TLS1.0. They are not in RC4, and likely to become more dangerous . RC4 is on the path to removal, but still present for backward compatibility Change-Id: I99a7f0ebf2ac438f075835d1cb38f63080321043 | |||
2014-02-10 | move leap_webapp.conf template to common.conf which is included by the ↵ | varac | |
nagios and webapp node (#5096) | |||
2013-11-22 | improvements to webapp deployment: allow for greater customization, allow ↵ | elijah | |
for custom git source, improve apache config. | |||
2013-10-18 | "Header set X-Frame-Options: Allow" only for nagios (Bug #4169) | varac | |
Nagios won't work with setting this option to "DENY", as set in conf.d/security (#4169). Therefor we allow it here, only for nagios. | |||
2013-09-24 | Webapp doesn't serve commercial cert (Bug #3916) | varac | |
2013-09-24 | move commercial x509 deployment to site_x509 (Feature #3889) | varac | |
2013-09-22 | Merge branch 'api-crt-3384' into develop fixes #3384 | kwadronaut | |
2013-09-22 | adding fqdn as default servername and moving service.domain to ServerAlias ↵ | kwadronaut | |
(fixing #3384) node name and dns fqdn could be different Also note that on local deploys that warning from #3384 will continue to exist (because of dns) | |||
2013-09-20 | fix whitespace issues from https://review.leap.se/r/82 | varac | |
2013-09-19 | tidy webapp api x509 definitions (#3840) | varac | |
2013-08-22 | add HSTS if hiera value for webapp['secure'] is set (#3514) | Micah Anderson | |
Change-Id: Idd413349ec0b99835a1cbb4fb4c4fcef1a8fdeab | |||
2013-08-21 | Disable verbose, identifying apache headers (#3462): | Micah Anderson | |
. Disable ServerSignature . Set ServerTokens Prod . unset the X-Powered-By and X-Runtime apache headers Change-Id: Iddb2cb9a0465bc7f657581adaacbbf748479fd7a | |||
2013-06-25 | fix for #2986 - the services variable is no longer an array | Micah Anderson | |
Change-Id: Ia6fc60c0c1fdfa50e1d6d981699c1d8010df63fc | |||
2013-05-22 | change paths for leap webapp to be under /srv/leap/webapp from /srv/leap-webapp | Micah Anderson | |
2013-04-18 | webapp: removed "Alias /1" from apache config | elijah | |
2013-01-31 | install an apache Directory override block to disable passenger for nagios, ↵ | Micah Anderson | |
if the node is a monitor node | |||
2012-12-19 | webapp api now uses a customizable port (so that we don't try to rely on SNI ↵ | elijah | |
for hosting two TLS domains on one IP). | |||
2012-12-11 | replace Documentroot path from - to _ | Micah Anderson | |
2012-11-27 | fix location of SSLCertificateChainFile location | Micah Anderson | |
2012-11-27 | map /1 -> document root | Micah Anderson | |
2012-11-27 | add site_webapp class to install the certs/keys/CAs and virtual host ↵ | Micah Anderson | |
configurations |