summaryrefslogtreecommitdiff
path: root/puppet/modules/site_webapp/templates
AgeCommit message (Collapse)Author
2013-09-24added site_config::x509::client_ca::cert and ↵varac
site_config::x509::client_ca::key for client_ca deployment (#3917)
2013-09-20fix whitespace issues from https://review.leap.se/r/82varac
2013-09-19fix x509 path in webapp config.yml.erb (#3894)varac
2013-07-30webapp - use hiera config "webapp.admins" for the list of admin usernames, ↵elijah
default to empty list.
2013-07-30added webapp.secure flag (turns on secure cookies and HSTS)elijah
2013-07-30site_webapp - add support for haproxy weights and backup servers (resolves ↵elijah
#3278)
2013-04-22webapp -- fixed bug in configurationelijah
2013-04-16move secret token into the config.yamlMicah Anderson
2013-04-09add a httpchk line to haproxy to properly test if the couchdb is availableMicah Anderson
add the useful http-server-close option set check option on the servers, with a 3 second interval, a one second fastinter (for flapping) and a one second downinter. Set the number of checks for failure to be one (so it will take 3 seconds for a node to fail out) and 2 checks to come back
2013-03-19create a separate couchdb.yml.admin that contains the couchdb admin ↵Micah Anderson
privileges, putting the unprivileged ones in as user webapp in couchdb.yml. This allows us to migrate the couchdb design docs on deployment, but use an unprivileged user the remainder of the time
2013-03-19configure webapp haproxy couchdb connectionMicah Anderson
2013-03-19configure site_webapp::haproxy to ship a haproxy config::fragment to setup theMicah Anderson
haproxy listener 'bigcouch-in'. This haproxy listener is configured to listen on port 4096 (arbitrarily chosen) and balance across the locally configured stunnels to the bigcouch instances It may be that we will need some additional haproxy options for handling persistence, cookies, or other HTTP headers, I'm unsure as of this moment
2013-03-19turn off automatic updates of couchdb design docs (#1979)Micah Anderson
2013-03-18Webapp: Use stunnel localhost:5000 for couchdb connectionvarac
2013-03-17added support for "limited" service levels (although vpn is not yet actually ↵elijah
rate limited).
2013-02-27openvpn -- added support for optional "free" rate-limited service via ↵elijah
special client certificates with the FREE prefix in the common name.
2013-01-21client ca -- configure the webapp with the client caelijah
2013-01-11configure webapp with correct domainelijah
2012-12-11add prefix to couchdb.yamlMicah Anderson
2012-12-11fix couchdb portMicah Anderson
2012-11-27fix name of couchdb.yml templateMicah Anderson
2012-11-27add the couchdb configuration templateMicah Anderson