Age | Commit message (Collapse) | Author | |
---|---|---|---|
2017-05-06 | Restructure site_tor to be more clear and re-usable (fixes #8784). | Micah Anderson | |
This makes a more clear site_tor::relay class that the leap service includes, and a more generic site_tor class that other classes can depend on for setting up the initial install. | |||
2017-04-27 | Merge remote-tracking branch 'origin/merge-requests/77' | varac | |
2017-04-25 | Add single-hop hidden service capability. | Micah Anderson | |
This cuts the number of hops for a tor onion service from 6 to 3, speeding it up considerably. This removes the anonymity aspect of the service, so it must be enabled intentionally, knowing that the server's location no longer is hidden. | |||
2017-04-25 | Lint | Micah Anderson | |
2017-03-22 | webapp: add secret_key_base to config | Azul | |
This replaces the secret_token from rails 4.1 on. Both are used for securing cookies in the browser. The secret_key_base will also encrypt the cookies while the token will only sign them. Keeping the token in there for now allows us to migrate existing sessions / cookies to the new secrets. We can remove it in the next version once all providers have run with secret_key_base for a while. | |||
2017-03-15 | Direct connection when couch runs locally | varac | |
2017-03-15 | [8144] Remove Haproxy | varac | |
We used haproxy because we had multiple bigcouch nodes but now with a single couchdb node this is not needed anymore. - Resolves: #8144 | |||
2017-03-15 | Linted couchdb.pp | varac | |
2016-08-30 | lint site_webapp/manifests/init.pp | varac | |
2016-08-30 | [feat] Use twisted 16.2 from jessie-backports | varac | |
New soledad packages now depend on Twisted 16.2.0 (see https://leap.se/code/issues/8412), so we need to pin twisted to get installed from jessie-backports. - Resolves: #8418 | |||
2016-07-13 | Newest passenger module dont manage munin by default | varac | |
2016-06-28 | Stop tor from restarting on every deploy (#8211). | Micah | |
We were creating the hidden service name without a newline, and then tor would be restarted and change the hidden service hostname file to have a newline, which would then require that the next deploy would change that file to not have a newline again. This fixes that problem by making the hostname have a newline so it matches what tor wants. Change-Id: I38f450684d557cf943ec94f2f8e19cda3aefdf66 | |||
2016-06-28 | Reload tor if config or key is changed (#8210). | Micah | |
Change-Id: I3d733b6645c804a5fb337ad4b8edc59a66ad50b5 | |||
2016-06-27 | Lint and Document site_webapp::hidden_service | varac | |
2016-04-18 | [style] more manual linting for custom manifests | varac | |
2016-03-11 | fix tor-related jessie deprecation problems (#7962) | Micah | |
Change-Id: If493b8a1f06a786df36a28aa1fc592e270eba639 | |||
2016-03-04 | fix location of couchdb.admin.yml | elijah | |
2016-03-04 | ensure /var/leap/couchdb exists before creating files there. | elijah | |
2016-03-04 | move the location of couchdb.admin.yml so that it does not need to have its ↵ | elijah | |
ownership reset on each deploy. | |||
2016-02-02 | don't deploy bundler debug to servers | kwadronaut | |
2016-01-22 | restructured site.pp, now only one class gets included in site.pp per ↵ | varac | |
service (Bug #6851) Also, moved global Exec{} defaults to site.pp Change-Id: I9ae91b77afde944d2f1312613b9d9030e32239dd | |||
2016-01-04 | Fix status module invocation for hidden service enabled webapps (#7776) | Micah | |
Change-Id: I101e4c9791102123d4334e1b84a48dacea99ac52 | |||
2015-11-30 | fix missing apache status module (#7638) | Micah | |
Change-Id: I77fa50990b5ae60074c54738e8c19929b486d1d0 | |||
2015-11-17 | [bug] [jessie] Load needed modules for apache 2.4 | varac | |
- Related: #6920 | |||
2015-10-30 | [feat] Add soledad::client class for soledad-sync | varac | |
- Restructure soledad class - Include soledad::client class on webapp nodes - Tested: [unstable.bitmask.net] - Related: #7523 | |||
2015-10-07 | [bug] Fix removal of webapp apache config file | varac | |
Done by including a service-dependend site_config::remove::webapp class. | |||
2015-09-30 | Fix server-status availability to tor hidden services (#7456) | Micah Anderson | |
Make the server-status information unavailable by putting the vhost on a port that isn't configured as available to the tor hidden-service. Change-Id: Idd3bfefb5b7fc26fb0a8cf48cdf6afc68a4192bb | |||
2015-09-03 | make couchdb.admin.yml only readable by root, make non-admin cron run as ↵ | elijah | |
webapp user. | |||
2015-04-16 | properly clean up unused files | elijah | |
2015-04-16 | clean up logging mess: add 'logfile' define, mv openvpn and stunnel logs to ↵ | elijah | |
their own files, fix mx logwatch path. | |||
2015-04-15 | disable 'rake cleanup:sessions' cron job. | elijah | |
2015-04-08 | move rotated db creation to site_couchdb and fix rotated db tests | elijah | |
2015-03-30 | added support for rotating couchdb databases. | elijah | |
2015-02-04 | consolidate sources into common.json | elijah | |
2015-01-12 | Adds apache support for webapp.domain if defined. Fixes #6632 | guido | |
Change-Id: If63aac60e44c4a68f030f93e20e8dc071f9df610 | |||
2014-12-09 | Soledad sync check needs python-u1db package installed (Bug #6520) | varac | |
Change-Id: I8a6c27434f548f24d9dba1a969699200ab307477 | |||
2014-12-02 | Use $hostname to locate tor.key. Fixes #6478 | guido | |
Change-Id: Ibbe3687d5a773b444f6e9145bf235aaeea637e1d | |||
2014-11-07 | Better check for tor hidden service on a webapp node. | guido | |
Change-Id: I92f69b6fa30aae953243ae19096e2998810c9ac6 | |||
2014-11-04 | Adds support for Tor hidden service on webapp (Feature #6273) | guido | |
Change-Id: I56250e05e3a933deacd0b6e02192e712d3fd9fd5 | |||
2014-09-03 | Merge branch 'master' into develop | varac | |
Conflicts: platform.rb puppet/modules/site_config/manifests/hosts.pp | |||
2014-08-28 | syslog logs everything but webapp FIX #6020 | guido | |
2014-08-05 | Fixes: #5952 Webapp now logs to it's own file instead of syslog and user.log | guido | |
2014-06-25 | stunnel: make site_mx and site_webapp use new site_stunnel | elijah | |
2014-06-17 | allow webapp.json to configure what engines are enabled | elijah | |
2014-05-22 | remove old classes | Christoph | |
site_mx::haproxy and site_webapp::haproxy only included site_haproxy. They didn't do anything else. So just include site_haproxy in manifests/init.pp and remove the unused classes | |||
2014-05-22 | fix haproxy config if webapp and mx run on the same host | Christoph | |
the problem was, that both site_mx::haproxy and site_webapp::haproxy declared the same resource. I fixed it by moving that resource to site_haproxy. Since that gets included by both classes, everything works like a charm | |||
2014-02-27 | check syslog for webapp errors | varac | |
2014-02-10 | move leap_webapp.conf template to common.conf which is included by the ↵ | varac | |
nagios and webapp node (#5096) | |||
2014-01-22 | anonymize webapp ips (Bug #4896) | varac | |
2014-01-08 | fix webapp couchdb.yml to be couchdb.yml not couchdb.yml.webapp | elijah | |