summaryrefslogtreecommitdiff
path: root/puppet/modules/site_webapp
AgeCommit message (Collapse)Author
2017-05-06Restructure site_tor to be more clear and re-usable (fixes #8784).Micah Anderson
This makes a more clear site_tor::relay class that the leap service includes, and a more generic site_tor class that other classes can depend on for setting up the initial install.
2017-04-27Merge remote-tracking branch 'origin/merge-requests/77'varac
2017-04-25Add single-hop hidden service capability.Micah Anderson
This cuts the number of hops for a tor onion service from 6 to 3, speeding it up considerably. This removes the anonymity aspect of the service, so it must be enabled intentionally, knowing that the server's location no longer is hidden.
2017-04-25LintMicah Anderson
2017-03-22webapp: add secret_key_base to configAzul
This replaces the secret_token from rails 4.1 on. Both are used for securing cookies in the browser. The secret_key_base will also encrypt the cookies while the token will only sign them. Keeping the token in there for now allows us to migrate existing sessions / cookies to the new secrets. We can remove it in the next version once all providers have run with secret_key_base for a while.
2017-03-15Direct connection when couch runs locallyvarac
2017-03-15[8144] Remove Haproxyvarac
We used haproxy because we had multiple bigcouch nodes but now with a single couchdb node this is not needed anymore. - Resolves: #8144
2017-03-15Linted couchdb.ppvarac
2016-08-30lint site_webapp/manifests/init.ppvarac
2016-08-30[feat] Use twisted 16.2 from jessie-backportsvarac
New soledad packages now depend on Twisted 16.2.0 (see https://leap.se/code/issues/8412), so we need to pin twisted to get installed from jessie-backports. - Resolves: #8418
2016-07-13Newest passenger module dont manage munin by defaultvarac
2016-06-28Stop tor from restarting on every deploy (#8211).Micah
We were creating the hidden service name without a newline, and then tor would be restarted and change the hidden service hostname file to have a newline, which would then require that the next deploy would change that file to not have a newline again. This fixes that problem by making the hostname have a newline so it matches what tor wants. Change-Id: I38f450684d557cf943ec94f2f8e19cda3aefdf66
2016-06-28Reload tor if config or key is changed (#8210).Micah
Change-Id: I3d733b6645c804a5fb337ad4b8edc59a66ad50b5
2016-06-27Lint and Document site_webapp::hidden_servicevarac
2016-04-18[style] more manual linting for custom manifestsvarac
2016-04-05testing: adds mx delivery testselijah
2016-03-11fix tor-related jessie deprecation problems (#7962)Micah
Change-Id: If493b8a1f06a786df36a28aa1fc592e270eba639
2016-03-04fix location of couchdb.admin.ymlelijah
2016-03-04ensure /var/leap/couchdb exists before creating files there.elijah
2016-03-04move the location of couchdb.admin.yml so that it does not need to have its ↵elijah
ownership reset on each deploy.
2016-02-02don't deploy bundler debug to serverskwadronaut
2016-01-22restructured site.pp, now only one class gets included in site.pp per ↵varac
service (Bug #6851) Also, moved global Exec{} defaults to site.pp Change-Id: I9ae91b77afde944d2f1312613b9d9030e32239dd
2016-01-04Fix status module invocation for hidden service enabled webapps (#7776)Micah
Change-Id: I101e4c9791102123d4334e1b84a48dacea99ac52
2015-11-30fix missing apache status module (#7638)Micah
Change-Id: I77fa50990b5ae60074c54738e8c19929b486d1d0
2015-11-17[bug] [jessie] Load needed modules for apache 2.4varac
- Related: #6920
2015-11-17[bug] [jessie] template functions need an arrayvarac
from https://docs.puppetlabs.com/puppet/latest/reference/lang_template_erb.html#calling-puppet-functions-from-templates: "The arguments of the function must be provided as an array, even if there is only one argument." This is a hard requirement in puppet 3 now. - Related: #6920
2015-10-30[feat] Add soledad::client class for soledad-syncvarac
- Restructure soledad class - Include soledad::client class on webapp nodes - Tested: [unstable.bitmask.net] - Related: #7523
2015-10-07[bug] Fix removal of webapp apache config filevarac
Done by including a service-dependend site_config::remove::webapp class.
2015-09-30Fix server-status availability to tor hidden services (#7456)Micah Anderson
Make the server-status information unavailable by putting the vhost on a port that isn't configured as available to the tor hidden-service. Change-Id: Idd3bfefb5b7fc26fb0a8cf48cdf6afc68a4192bb
2015-09-28Modify config.yml.erb to include the invite code optionankonym
2015-09-10fix various problems with webapp config generationelijah
2015-09-03make couchdb.admin.yml only readable by root, make non-admin cron run as ↵elijah
webapp user.
2015-08-03webapp: add support for customizing localeselijah
2015-04-16properly clean up unused fileselijah
2015-04-16clean up logging mess: add 'logfile' define, mv openvpn and stunnel logs to ↵elijah
their own files, fix mx logwatch path.
2015-04-15disable 'rake cleanup:sessions' cron job.elijah
2015-04-08move rotated db creation to site_couchdb and fix rotated db testselijah
2015-03-30added support for rotating couchdb databases.elijah
2015-02-04consolidate sources into common.jsonelijah
2015-02-03Merge remote-tracking branch 'elijah/feature/expire' into developMicah Anderson
Conflicts: platform.rb Change-Id: Ifb1a7579e00b1ee2bdebe86671d5c2f1cac2a8dc
2015-02-02added custom puppet function sorted_json(). closes #6389elijah
2015-01-28update default provider.json to use the (now) correct expiration time ↵elijah
format. requires new leap_cli.
2015-01-12Adds apache support for webapp.domain if defined. Fixes #6632guido
Change-Id: If63aac60e44c4a68f030f93e20e8dc071f9df610
2014-12-09Soledad sync check needs python-u1db package installed (Bug #6520)varac
Change-Id: I8a6c27434f548f24d9dba1a969699200ab307477
2014-12-02Use $hostname to locate tor.key. Fixes #6478guido
Change-Id: Ibbe3687d5a773b444f6e9145bf235aaeea637e1d
2014-11-07Better check for tor hidden service on a webapp node.guido
Change-Id: I92f69b6fa30aae953243ae19096e2998810c9ac6
2014-11-04Adds support for Tor hidden service on webapp (Feature #6273)guido
Change-Id: I56250e05e3a933deacd0b6e02192e712d3fd9fd5
2014-10-29added webapp.forbidden_usernames property to allow configuration of ↵elijah
usernames to block.
2014-09-03Merge branch 'master' into developvarac
Conflicts: platform.rb puppet/modules/site_config/manifests/hosts.pp
2014-08-28syslog logs everything but webapp FIX #6020guido