summaryrefslogtreecommitdiff
path: root/puppet/modules/site_static
AgeCommit message (Collapse)Author
2017-04-25Add single-hop hidden service capability.Micah Anderson
This cuts the number of hops for a tor onion service from 6 to 3, speeding it up considerably. This removes the anonymity aspect of the service, so it must be enabled intentionally, knowing that the server's location no longer is hidden.
2017-04-25LintMicah Anderson
2016-09-13[bugfix] static sites: only enable hidden service by default if one domain ↵elijah
is configured The problem is that we have a single onion address per server, so if more than one domain is configured we need to make sure they don't both try to use the same onion address.
2016-09-05[style] lint ::site_static classvarac
2016-07-21fix site_static's call to passengerelijah
2016-06-30fix static site apache configelijah
2016-06-28Fix for when tor is not an array.Micah
When tor is not configured, then its possible to get this error on deploy: Error: tor is not a hash or array when accessing it with hidden_service at /srv/leap/puppet/modules/site_static/manifests/init.pp:16 on node rewdevstatic1.rewire.org This commit only accesses the array when its enabled. Change-Id: Ia75ac7a51179da980966adba0cc614b9cd642b0c
2016-06-28Make static tor hidden services work (#8212).Micah
When tor hidden services were enabled for static sites, only a very basic configuration was setup and it didn't take into account the different location configurations that can be configured for a static site. This commit resolves that by making a site_static::hidden_service class similar to the site_webapp::hidden_service class, and fixes up the apache vhost template to properly create the location blocks for the hidden service vhost. Change-Id: Ice3586f4173bd2d1bd3defca29d21c7403d5a03a
2016-06-27Fix the permissions on the DOMAIN/provider.json file for static sites.elijah
2016-06-03auto run bundler when needed for site_staticelijah
2016-05-03migrate from obsolete SSLCertificateChainFile apache option (#8055)Micah
Change-Id: I20a28ae77c98071aefc1933e0ea73e5f3b895acb
2016-04-18[style] more manual linting for custom manifestsvarac
2016-04-18[style] lint some custom manifestsvarac
I used `puppet-lint -f FILE` to fix most issues, while finishing with manual intervention.
2016-03-13static site: don't call site_static::location unless locations are actually ↵elijah
defined.
2016-01-27[bug] [jessie] Fix apache 2.4 auth directivesvarac
- Resolves: #7853
2016-01-27[refactor] Optimize static apache vhost templatesvarac
- Related: #7853
2016-01-22restructured site.pp, now only one class gets included in site.pp per ↵varac
service (Bug #6851) Also, moved global Exec{} defaults to site.pp Change-Id: I9ae91b77afde944d2f1312613b9d9030e32239dd
2015-11-30fix missing apache modules (#7638)Micah
Change-Id: I77fa50990b5ae60074c54738e8c19929b486d1d0
2015-11-30fix site_apache module class names that were renamed (#7636)Micah
Change-Id: Iea1242b3c27d92cef7b217006211e57631fd7e62
2015-10-19change apache header set for HSTS to be always, otherwise it wont be set for ↵Micah
redirects (#7540) Change-Id: Ic77c64c03a99dad951f42633de04c352bed17c1e
2015-10-11russian text requires amber 0.3.8elijah
2015-09-30Fix server-status availability to tor hidden services (#7456)Micah Anderson
Make the server-status information unavailable by putting the vhost on a port that isn't configured as available to the tor hidden-service. Change-Id: Idd3bfefb5b7fc26fb0a8cf48cdf6afc68a4192bb
2015-07-21Merge remote-tracking branch 'kwadrolab/static-amber-7231' into developMicah Anderson
Conflicts: puppet/modules/site_static/manifests/init.pp Change-Id: I090b1cb3cbe3c4d01a2c640ae3a370b17e722e12
2015-07-14bump amber version, taking care of puppet ordering with require.kwadronaut
2015-07-09use latest amber for static nodes.elijah
2015-07-05zlib1g-dev needed for amber gem fixes #7231kwadronaut
2015-06-24remove static site circular dependency (closes #7145)elijah
2015-06-17bugfix: site_static module was not including ssl_common.incelijah
2015-05-26Implement weakdh recommendations for cipher suites (#7024)Micah Anderson
This is a first step mitigation until we can have a newer apache that will allow us to specify dh parameters other than the default. Change-Id: Ibfcee53b331e8919466027dde1a93117b5210d9d
2015-04-02static: restart apache when tls certs changeelijah
2015-01-14static site service: pin amber gem to 0.3.4elijah
2014-12-19Add x509 files to static node allowing postfix to work (solves #6577) + ↵guido
minor lint. https://leap.se/code/issues/6577 Change-Id: Iefefbf3e8fc5c13cdd7e302627504a76b856e725
2014-10-15Disable SSLv3, and RC4 ciphersMicah Anderson
Change-Id: I7214aa4334e3d817dd1b6d8dce43523e3d955b5d
2014-06-02static site: better message for wrong location type.elijah
2014-06-02remove superfluous RackBaseURI directiveelijah
2014-06-02work around hiera's inability to escape '%' by using ':percent:'elijah
2014-06-02static site: added rack support, added custom apache configelijah
2014-06-02added support for /provider.json served from static site.elijah
2014-05-17static: pin amber version to 0.3.0elijah
2014-04-05update site_static to work with new amber and have better tls cipherselijah
2014-03-24modules/site_static: part 2 - apacheelijah
2014-03-23modules/site_static: part 1 - amberelijah