Age | Commit message (Collapse) | Author | |
---|---|---|---|
2017-05-06 | Restructure site_tor to be more clear and re-usable (fixes #8784). | Micah Anderson | |
This makes a more clear site_tor::relay class that the leap service includes, and a more generic site_tor class that other classes can depend on for setting up the initial install. | |||
2017-04-25 | Add single-hop hidden service capability. | Micah Anderson | |
This cuts the number of hops for a tor onion service from 6 to 3, speeding it up considerably. This removes the anonymity aspect of the service, so it must be enabled intentionally, knowing that the server's location no longer is hidden. | |||
2017-04-25 | Lint | Micah Anderson | |
2016-09-13 | [bugfix] static sites: only enable hidden service by default if one domain ↵ | elijah | |
is configured The problem is that we have a single onion address per server, so if more than one domain is configured we need to make sure they don't both try to use the same onion address. | |||
2016-09-05 | [style] lint ::site_static class | varac | |
2016-07-21 | fix site_static's call to passenger | elijah | |
2016-06-30 | fix static site apache config | elijah | |
2016-06-28 | Fix for when tor is not an array. | Micah | |
When tor is not configured, then its possible to get this error on deploy: Error: tor is not a hash or array when accessing it with hidden_service at /srv/leap/puppet/modules/site_static/manifests/init.pp:16 on node rewdevstatic1.rewire.org This commit only accesses the array when its enabled. Change-Id: Ia75ac7a51179da980966adba0cc614b9cd642b0c | |||
2016-06-28 | Make static tor hidden services work (#8212). | Micah | |
When tor hidden services were enabled for static sites, only a very basic configuration was setup and it didn't take into account the different location configurations that can be configured for a static site. This commit resolves that by making a site_static::hidden_service class similar to the site_webapp::hidden_service class, and fixes up the apache vhost template to properly create the location blocks for the hidden service vhost. Change-Id: Ice3586f4173bd2d1bd3defca29d21c7403d5a03a | |||
2016-06-27 | Fix the permissions on the DOMAIN/provider.json file for static sites. | elijah | |
2016-06-03 | auto run bundler when needed for site_static | elijah | |
2016-05-03 | migrate from obsolete SSLCertificateChainFile apache option (#8055) | Micah | |
Change-Id: I20a28ae77c98071aefc1933e0ea73e5f3b895acb | |||
2016-04-18 | [style] more manual linting for custom manifests | varac | |
2016-04-18 | [style] lint some custom manifests | varac | |
I used `puppet-lint -f FILE` to fix most issues, while finishing with manual intervention. | |||
2016-03-13 | static site: don't call site_static::location unless locations are actually ↵ | elijah | |
defined. | |||
2016-01-27 | [bug] [jessie] Fix apache 2.4 auth directives | varac | |
- Resolves: #7853 | |||
2016-01-27 | [refactor] Optimize static apache vhost templates | varac | |
- Related: #7853 | |||
2016-01-22 | restructured site.pp, now only one class gets included in site.pp per ↵ | varac | |
service (Bug #6851) Also, moved global Exec{} defaults to site.pp Change-Id: I9ae91b77afde944d2f1312613b9d9030e32239dd | |||
2015-11-30 | fix missing apache modules (#7638) | Micah | |
Change-Id: I77fa50990b5ae60074c54738e8c19929b486d1d0 | |||
2015-11-30 | fix site_apache module class names that were renamed (#7636) | Micah | |
Change-Id: Iea1242b3c27d92cef7b217006211e57631fd7e62 | |||
2015-10-19 | change apache header set for HSTS to be always, otherwise it wont be set for ↵ | Micah | |
redirects (#7540) Change-Id: Ic77c64c03a99dad951f42633de04c352bed17c1e | |||
2015-10-11 | russian text requires amber 0.3.8 | elijah | |
2015-09-30 | Fix server-status availability to tor hidden services (#7456) | Micah Anderson | |
Make the server-status information unavailable by putting the vhost on a port that isn't configured as available to the tor hidden-service. Change-Id: Idd3bfefb5b7fc26fb0a8cf48cdf6afc68a4192bb | |||
2015-07-21 | Merge remote-tracking branch 'kwadrolab/static-amber-7231' into develop | Micah Anderson | |
Conflicts: puppet/modules/site_static/manifests/init.pp Change-Id: I090b1cb3cbe3c4d01a2c640ae3a370b17e722e12 | |||
2015-07-14 | bump amber version, taking care of puppet ordering with require. | kwadronaut | |
2015-07-09 | use latest amber for static nodes. | elijah | |
2015-07-05 | zlib1g-dev needed for amber gem fixes #7231 | kwadronaut | |
2015-06-24 | remove static site circular dependency (closes #7145) | elijah | |
2015-06-17 | bugfix: site_static module was not including ssl_common.inc | elijah | |
2015-05-26 | Implement weakdh recommendations for cipher suites (#7024) | Micah Anderson | |
This is a first step mitigation until we can have a newer apache that will allow us to specify dh parameters other than the default. Change-Id: Ibfcee53b331e8919466027dde1a93117b5210d9d | |||
2015-04-02 | static: restart apache when tls certs change | elijah | |
2015-01-14 | static site service: pin amber gem to 0.3.4 | elijah | |
2014-12-19 | Add x509 files to static node allowing postfix to work (solves #6577) + ↵ | guido | |
minor lint. https://leap.se/code/issues/6577 Change-Id: Iefefbf3e8fc5c13cdd7e302627504a76b856e725 | |||
2014-10-15 | Disable SSLv3, and RC4 ciphers | Micah Anderson | |
Change-Id: I7214aa4334e3d817dd1b6d8dce43523e3d955b5d | |||
2014-06-02 | static site: better message for wrong location type. | elijah | |
2014-06-02 | remove superfluous RackBaseURI directive | elijah | |
2014-06-02 | work around hiera's inability to escape '%' by using ':percent:' | elijah | |
2014-06-02 | static site: added rack support, added custom apache config | elijah | |
2014-06-02 | added support for /provider.json served from static site. | elijah | |
2014-05-17 | static: pin amber version to 0.3.0 | elijah | |
2014-04-05 | update site_static to work with new amber and have better tls ciphers | elijah | |
2014-03-24 | modules/site_static: part 2 - apache | elijah | |
2014-03-23 | modules/site_static: part 1 - amber | elijah | |