From 0a9bcf49adab7120849806e4c6408d3f2887e09a Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Thu, 24 Apr 2014 13:58:40 -0400 Subject: tor: provide a default 'nickname' (something like "rabbitLKJYW23695JGLKJ" where rabbit is the node name). Stop shipping a static 'family' and instead provide a comma separated list of node tor nicknames. (#5220) Change-Id: I479f460ab230ad440f72c78dc6362983387ce12a --- provider_base/services/tor.json | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'provider_base') diff --git a/provider_base/services/tor.json b/provider_base/services/tor.json index ae4da46d..7d9c6d34 100644 --- a/provider_base/services/tor.json +++ b/provider_base/services/tor.json @@ -1,6 +1,8 @@ { "tor": { "bandwidth_rate": 6550, - "contacts": "= [provider.contacts['tor'] || provider.contacts.default].flatten" + "contacts": "= [provider.contacts['tor'] || provider.contacts.default].flatten", + "nickname": "= (self.name + secret(:tor_family)).sub('_','')[0..18]", + "family": "= nodes[:service => 'tor'].field('tor.nickname').join(',')" } } -- cgit v1.2.3 From b9369292cb19f97aafaaaac9f89bf2374487936b Mon Sep 17 00:00:00 2001 From: Azul Date: Fri, 18 Apr 2014 12:59:59 +0200 Subject: bring service_levels into webapp config - #5527 including the default_service_level --- provider_base/services/webapp.json | 2 ++ 1 file changed, 2 insertions(+) (limited to 'provider_base') diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json index 29c0cbf9..6b746fe4 100644 --- a/provider_base/services/webapp.json +++ b/provider_base/services/webapp.json 
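Review bot: In the added `nickname` line, `.sub('_','')` removes only the first underscore and leaves hyphens or other punctuation in place, so a node name with a second underscore or a dash would produce a nickname that Tor rejects (nicknames are limited to 1–19 alphanumeric characters). Stripping every non-alphanumeric character before truncating is safer: `"nickname": "= (self.name + secret(:tor_family)).gsub(/[^a-zA-Z0-9]/,'')[0..18]"`. The nickname and the `family` list built from it end up in the public relay descriptor, so whatever `secret(:tor_family)` returns is published from then on and should not be reused where confidentiality matters. A node name of 19 or more characters also leaves no room for the suffix after `[0..18]`, so two long names with a common prefix could collide.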
@@ -12,6 +12,8 @@ "allow_limited_certs": "= provider.service.allow_limited_bandwidth", "allow_unlimited_certs": "= provider.service.allow_unlimited_bandwidth", "allow_anonymous_certs": "= provider.service.allow_anonymous", + "default_service_level": "= provider.service.default_service_level", + "service_levels": "= provider.service.levels", "secret_token": "= secret :webapp_secret_token", "api_version": 1, "secure": false, -- cgit v1.2.3 From 87129e91899c64c8374ae139d6e1bdcd5af6a407 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Tue, 6 May 2014 18:11:03 -0400 Subject: add the tun-ipv6 configuration to the eip-service (#4163) Change-Id: I4781f0c3e1c74f5a45217a4d631603fa1a622fd6 --- provider_base/services/openvpn.json | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'provider_base') diff --git a/provider_base/services/openvpn.json b/provider_base/services/openvpn.json index 04e19aa2..090afcd6 100644 --- a/provider_base/services/openvpn.json +++ b/provider_base/services/openvpn.json @@ -23,7 +23,8 @@ "tls-cipher": "DHE-RSA-AES128-SHA", "auth": "SHA1", "cipher": "AES-128-CBC", - "keepalive": "10 30" + "keepalive": "10 30", + "tun-ipv6": true } } } -- cgit v1.2.3 From ae50675e9095750cee9810237fb6b9f60030dae4 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Tue, 6 May 2014 18:11:31 -0400 Subject: update cipher configuration for openvpn to use the IANA name, due to deprecation warning: 2014-05-06 18:10:23,594 - INFO - L#826 : leap.openvpn:outReceived() - Tue May 6 18:10:23 2014 Deprecated TLS cipher name 'DHE-RSA-AES128-SHA', please use IANA name 'TLS-DHE-RSA-WITH-AES-128-CBC-SHA' Change-Id: I159b26604993d38806fcb7c2ed8f6de8138999f7 --- provider_base/services/openvpn.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'provider_base') diff --git a/provider_base/services/openvpn.json b/provider_base/services/openvpn.json index 090afcd6..3776aedb 100644 --- a/provider_base/services/openvpn.json 
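Review bot: `"tun-ipv6": true` in the openvpn.json hunk is the only boolean among the `configuration` values, which are otherwise strings, so it is worth confirming that the template rendering this hash emits a bare `tun-ipv6` directive rather than `tun-ipv6 true`. The hunk also enables IPv6 on the tunnel without any visible IPv6 address, route or firewall setting; if those are not handled elsewhere, client IPv6 traffic may not get the same filtering as IPv4. A short note in the commit or platform docs naming where the IPv6 addressing and packet-filter rules live would make that reviewable. The `configuration` object starts outside the hunk.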
+++ b/provider_base/services/openvpn.json @@ -20,7 +20,7 @@ "unlimited_prefix": "= provider.ca.client_certificates.unlimited_prefix", "rate_limit": "= openvpn.allow_limited ? provider.service.bandwidth_limit : nil", "configuration": { - "tls-cipher": "DHE-RSA-AES128-SHA", + "tls-cipher": "TLS-DHE-RSA-WITH-AES-128-CBC-SHA", "auth": "SHA1", "cipher": "AES-128-CBC", "keepalive": "10 30", -- cgit v1.2.3 From 89fac280079e4fd1eb9a4491a06a2dd549cee32b Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Tue, 13 May 2014 19:04:17 -0400 Subject: Revert "update cipher configuration for openvpn to use the IANA name" This reverts commit ae50675e9095750cee9810237fb6b9f60030dae4. Older openssl implementations (wheezy, android, others) aren't able to parse this newer string, so reverting to the deprecated name until we are sure the support is there --- provider_base/services/openvpn.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'provider_base') diff --git a/provider_base/services/openvpn.json b/provider_base/services/openvpn.json index 3776aedb..090afcd6 100644 --- a/provider_base/services/openvpn.json +++ b/provider_base/services/openvpn.json @@ -20,7 +20,7 @@ "unlimited_prefix": "= provider.ca.client_certificates.unlimited_prefix", "rate_limit": "= openvpn.allow_limited ? provider.service.bandwidth_limit : nil", "configuration": { - "tls-cipher": "TLS-DHE-RSA-WITH-AES-128-CBC-SHA", + "tls-cipher": "DHE-RSA-AES128-SHA", "auth": "SHA1", "cipher": "AES-128-CBC", "keepalive": "10 30", -- cgit v1.2.3 From f83d6e635448d5c96be18b4d926cc99ba879bd93 Mon Sep 17 00:00:00 2001 
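Review bot: Both `tls-cipher` hunks on this line (the rename and its revert) pin the control channel to a single suite, so a peer that cannot parse or offer that exact name has no fallback and fails to connect. OpenVPN accepts a colon-separated list for `tls-cipher`; listing the preferred suite first and a compatible one after it, once tested against the oldest supported client, would avoid choosing between the deprecation warning and broken clients. Since provider.json in this tree carries `//` comments, a comment beside the value recording which clients constrain the choice may be possible here too. The `configuration` object starts and ends outside the hunk.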
From: Azul Date: Wed, 14 May 2014 10:34:45 +0200 Subject: use hash for provider service levels We want to access service levels by means of the id stored in the user record. With a hash we don't have to loop through all elements to find the one with a given id and still can use arbitrary strings and do not rely on the order of the array. Also it's the format the webapp is expecting right now. --- provider_base/provider.json | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'provider_base') diff --git a/provider_base/provider.json b/provider_base/provider.json index fa69318b..aa7d0513 100644 --- a/provider_base/provider.json +++ b/provider_base/provider.json @@ -15,12 +15,12 @@ "default_language": "en", "enrollment_policy": "open", "service": { - "levels": [ + "levels": { // bandwidth limit is in Bytes, storage limit is in MB. - {"id": 1, "name": "free", "storage":50}, - {"id": 2, "name": "basic", "storage":1000, "rate": ["US$10", "€10"]}, - {"id": 3, "name": "pro", "storage":10000, "rate": ["US$20", "€20"]} - ], + "1": {"name": "free", "storage":50}, + "2": {"name": "basic", "storage":1000, "rate": ["tba"]}, + "3": {"name": "pro", "storage":10000, "rate": ["tba"]} + }, "default_service_level": 1, "bandwidth_limit": 102400, "allow_free": "= provider.service.levels.select {|l| l['rate'].nil?}.any?", -- cgit v1.2.3 From c0e52b84f79fc0ec636daf91e1fc6b61cc49fb2d Mon Sep 17 00:00:00 2001 From: elijah Date: Sat, 17 May 2014 18:15:57 -0700 Subject: fix bug with empty tor families --- provider_base/services/tor.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'provider_base') diff --git a/provider_base/services/tor.json b/provider_base/services/tor.json index 7d9c6d34..fc365a19 100644 --- a/provider_base/services/tor.json +++ b/provider_base/services/tor.json 
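Review bot: The unchanged context line `"allow_free": "= provider.service.levels.select {|l| l['rate'].nil?}.any?"` still iterates `levels` as an array of level objects, but this hunk turns it into a hash keyed by id, so the block no longer receives a level and `l['rate']` no longer reads its rate. Assuming `levels` behaves like a Ruby Hash, iterating the values restores the intent: `"allow_free": "= provider.service.levels.values.select {|l| l['rate'].nil?}.any?"`. Because `allow_free` is derived policy, it deserves a check that it still evaluates to false when every level has a rate. `"default_service_level": 1` also stays an integer while the keys are now the strings `"1"`, `"2"`, `"3"`, so a lookup by that value may miss unless the consumer converts it; the same line appears unchanged in the later provider.json hunk. The `service` object continues outside this hunk.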
@@ -3,6 +3,6 @@ "bandwidth_rate": 6550, "contacts": "= [provider.contacts['tor'] || provider.contacts.default].flatten", "nickname": "= (self.name + secret(:tor_family)).sub('_','')[0..18]", - "family": "= nodes[:service => 'tor'].field('tor.nickname').join(',')" + "family": "= nodes[:services => 'tor'][:environment => '!local'].field('tor.nickname').join(',')" } } -- cgit v1.2.3 From 1ea643b6741f41bfd90969d91f384060df98c8ae Mon Sep 17 00:00:00 2001 From: elijah Date: Tue, 20 May 2014 13:56:02 -0700 Subject: changed the default service levels to be more minimal, because it is currently impossible to entirely overwrite the service.levels hash. --- provider_base/provider.json | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) (limited to 'provider_base') diff --git a/provider_base/provider.json b/provider_base/provider.json index aa7d0513..743964ee 100644 --- a/provider_base/provider.json +++ b/provider_base/provider.json @@ -15,11 +15,17 @@ "default_language": "en", "enrollment_policy": "open", "service": { + // bandwidth limit is in Bytes, storage limit is in MB. + // for example: + // "levels": { + // "1": {"name": "free", "description":"Limited service, but without cost to you.", "storage":50}, + // "2": {"name": "basic", "description":"The standard package.", "storage":1000, "rate": {"USD":5}}, + // "3": {"name": "pro", "description":"Extra storage for power users." , "storage":10000, "rate": {"USD":10}} + // } "levels": { - // bandwidth limit is in Bytes, storage limit is in MB. - "1": {"name": "free", "storage":50}, - "2": {"name": "basic", "storage":1000, "rate": ["tba"]}, - "3": {"name": "pro", "storage":10000, "rate": ["tba"]} + "1": { + "name": "free", "description": "Please donate." + } }, "default_service_level": 1, "bandwidth_limit": 102400, -- cgit v1.2.3 From 3919bf8ebb78c07c6c3e067ab2f87f933df8c126 Mon Sep 17 00:00:00 2001 
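Review bot: The new comment block in the provider.json hunk documents units and an example, but not the behaviour the commit message gives as the reason for the change: provider-defined `levels` appear to be merged with this default rather than replacing it, so level `"1"` stays present unless a provider redefines that key. I would add a line such as `// levels set by a provider are merged with this default; redefine "1" to change it` above `"levels"`. The example shows `storage` and `rate` while the shipped default has neither, so a word on what a missing `storage` or `rate` means would remove guesswork. The `service` object starts and ends outside the hunk.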
From: elijah Date: Tue, 20 May 2014 13:48:23 -0700 Subject: add support for webapp on subdomain --- provider_base/files/service-definitions/provider.json.erb | 2 +- provider_base/services/webapp.json | 9 +++++---- 2 files changed, 6 insertions(+), 5 deletions(-) (limited to 'provider_base') diff --git a/provider_base/files/service-definitions/provider.json.erb b/provider_base/files/service-definitions/provider.json.erb index 3e055e9a..be8ae484 100644 --- a/provider_base/files/service-definitions/provider.json.erb +++ b/provider_base/files/service-definitions/provider.json.erb @@ -14,7 +14,7 @@ hsh['api_version'] = "1" hsh['api_uri'] = ["https://", api.domain, ':', api.port].join - hsh['ca_cert_uri'] = 'https://' + domain.full_suffix + '/ca.crt' + hsh['ca_cert_uri'] = 'https://' + webapp.domain + '/ca.crt' hsh['ca_cert_fingerprint'] = fingerprint(:ca_cert) hsh.dump_json diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json index 6b746fe4..bbb52094 100644 --- a/provider_base/services/webapp.json +++ b/provider_base/services/webapp.json @@ -1,6 +1,7 @@ { "webapp": { "admins": [], + "domain": "= domain.full_suffix", "modules": ["user", "billing", "help"], "couchdb_webapp_user": { "username": "= global.services[:couchdb].couch.users[:webapp].username", @@ -41,7 +42,7 @@ }, "service_type": "public_service", "api": { - "domain": "= 'api.' + domain.full_suffix", + "domain": "= 'api.' + webapp.domain", "port": 4430 }, "nickserver": { 
@@ -54,15 +55,15 @@ "port": 6425 }, "dns": { - "aliases": "= [domain.full_suffix, domain.full, api.domain, nickserver.domain]" + "aliases": "= [domain.full, webapp.domain, api.domain, nickserver.domain]" }, "x509": { "use": true, "ca_cert": "= file :ca_cert, :missing => 'provider CA. Run `leap cert ca`'", "client_ca_cert": "= file :client_ca_cert, :missing => 'Certificate Authority. Run `leap cert ca`'", "client_ca_key": "= file :client_ca_key, :missing => 'Certificate Authority. Run `leap cert ca`'", - "commercial_cert": "= file [:commercial_cert, domain.full_suffix]", - "commercial_key": "= file [:commercial_key, domain.full_suffix]", + "commercial_cert": "= file [:commercial_cert, webapp.domain]", + "commercial_key": "= file [:commercial_key, webapp.domain]", "commercial_ca_cert": "= try_file :commercial_ca_cert" } } -- cgit v1.2.3
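Review bot: `commercial_cert` and `commercial_key` are now looked up under `webapp.domain`, and the earlier hunk in this file builds `api.domain` as `'api.' + webapp.domain`, so once the webapp moves to a subdomain the API name gains a second label that a single-label wildcard certificate for the provider domain would not cover. If the API or nickserver endpoints are served with the commercial certificate (not visible here), its names need to include them explicitly. The `aliases` list also no longer contains `domain.full_suffix` once `webapp.domain` is overridden; if clients still fetch `provider.json` from the bare provider domain, that name loses its DNS alias, so a comment stating which host is expected to serve it would help. The `dns` and `x509` objects start outside the hunk.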