summaryrefslogtreecommitdiff
path: root/puppet/modules/site_webapp/templates
AgeCommit message (Collapse)Author
2017-03-22webapp: add secret_key_base to configAzul
This replaces the secret_token from rails 4.1 on. Both are used for securing cookies in the browser. The secret_key_base will also encrypt the cookies while the token will only sign them. Keeping the token in there for now allows us to migrate existing sessions / cookies to the new secrets. We can remove it in the next version once all providers have run with secret_key_base for a while.
2016-04-05testing: adds mx delivery testselijah
2015-11-17[bug] [jessie] template functions need an arrayvarac
from https://docs.puppetlabs.com/puppet/latest/reference/lang_template_erb.html#calling-puppet-functions-from-templates: "The arguments of the function must be provided as an array, even if there is only one argument." This is a hard requirement in puppet 3 now. - Related: #6920
2015-09-28Modify config.yml.erb to include the invite code optionankonym
2015-09-10fix various problems with webapp config generationelijah
2015-08-03webapp: add support for customizing localeselijah
2015-03-30added support for rotating couchdb databases.elijah
2015-02-03Merge remote-tracking branch 'elijah/feature/expire' into developMicah Anderson
Conflicts: platform.rb Change-Id: Ifb1a7579e00b1ee2bdebe86671d5c2f1cac2a8dc
2015-02-02added custom puppet function sorted_json(). closes #6389elijah
2015-01-28update default provider.json to use the (now) correct expiration time ↵elijah
format. requires new leap_cli.
2014-10-29added webapp.forbidden_usernames property to allow configuration of ↵elijah
usernames to block.
2014-08-01minor: fix typo in webapp configAzul
@provider -> @webapp
2014-07-11Added allow_registration to webapp config.yml.Folker Bernitt
- See issue #5217 - See companion change in leap_web
2014-06-17allow webapp.json to configure what engines are enabledelijah
2014-05-24move haproxy-template to modules/site_haproxyChristoph
2014-05-14revert accidental change to webapp config templateAzul
2014-05-14use hash for provider service levelsAzul
We want to access service levels by means of the id stored in the user record. With a hash we don't have to loop through all elements to find the one with a given id and still can use arbitrary strings and do not rely on the order of the array. Also it's the format the webapp is expecting right now.
2014-04-29require json so we can use it to dumpt the service levelsAzul
2014-04-24bring service_levels into webapp config - #5527Azul
including the default_service_level
2014-01-02added support for minimum client version checkingelijah
2013-11-28remove admin access from webappMicah Anderson
Change-Id: Ib2ce0d38a8e4dd30ae6842bfb5579d9c3dd10f18
2013-10-11/etc/haproxy/haproxy.cfg changed randomly (Feature #4111)varac
2013-09-24added site_config::x509::client_ca::cert and ↵varac
site_config::x509::client_ca::key for client_ca deployment (#3917)
2013-09-20fix whitespace issues from https://review.leap.se/r/82varac
2013-09-19fix x509 path in webapp config.yml.erb (#3894)varac
2013-07-30webapp - use hiera config "webapp.admins" for the list of admin usernames, ↵elijah
default to empty list.
2013-07-30added webapp.secure flag (turns on secure cookies and HSTS)elijah
2013-07-30site_webapp - add support for haproxy weights and backup servers (resolves ↵elijah
#3278)
2013-04-22webapp -- fixed bug in configurationelijah
2013-04-16move secret token into the config.yamlMicah Anderson
2013-04-09add a httpchk line to haproxy to properly test if the couchdb is availableMicah Anderson
add the useful http-server-close option set check option on the servers, with a 3 second interval, a one second fastinter (for flapping) and a one second downinter. Set the number of checks for failure to be one (so it will take 3 seconds for a node to fail out) and 2 checks to come back
2013-03-19create a separate couchdb.yml.admin that contains the couchdb admin ↵Micah Anderson
privileges, putting the unprivileged ones in as user webapp in couchdb.yml. This allows us to migrate the couchdb design docs on deployment, but use an unprivileged user the remainder of the time
2013-03-19configure webapp haproxy couchdb connectionMicah Anderson
2013-03-19configure site_webapp::haproxy to ship a haproxy config::fragment to setup theMicah Anderson
haproxy listener 'bigcouch-in'. This haproxy listener is configured to listen on port 4096 (arbitrarily chosen) and balance across the locally configured stunnels to the bigcouch instances It may be that we will need some additional haproxy options for handling persistence, cookies, or other HTTP headers, I'm unsure as of this moment
2013-03-19turn off automatic updates of couchdb design docs (#1979)Micah Anderson
2013-03-18Webapp: Use stunnel localhost:5000 for couchdb connectionvarac
2013-03-17added support for "limited" service levels (although vpn is not yet actually ↵elijah
rate limited).
2013-02-27openvpn -- added support for optional "free" rate-limited service via ↵elijah
special client certificates with the FREE prefix in the common name.
2013-01-21client ca -- configure the webapp with the client caelijah
2013-01-11configure webapp with correct domainelijah
2012-12-11add prefix to couchdb.yamlMicah Anderson
2012-12-11fix couchdb portMicah Anderson
2012-11-27fix name of couchdb.yml templateMicah Anderson
2012-11-27add the couchdb configuration templateMicah Anderson