An error occurred fetching the project authors.
- 14 Dec, 2018 1 commit
-
-
Łukasz Nowak authored
/reviewed-on nexedi/slapos!466
-
- 13 Dec, 2018 1 commit
-
-
Łukasz Nowak authored
"software/caddy-frontend: auto-restart services on SR upgrade." begun implementation of automatic restart of services on SR upgrade, but not all services has been caught - 6tunnel was missing. /reviewed-on nexedi/slapos!473
-
- 07 Dec, 2018 2 commits
-
-
Łukasz Nowak authored
This reverts commit 9243ace4 There are some bizarre issues with notebook, which happen randomly. /reviewed-on nexedi/slapos!463
-
Łukasz Nowak authored
/reviewed-on nexedi/slapos!445
-
- 05 Dec, 2018 1 commit
-
-
Łukasz Nowak authored
Caddy since 0.11.1 requires that certificate match the exposed site, so in order to being able to serve ip access sites each frontend node needs to generate certificate with its IP in the subjectAltName.
-
- 22 Nov, 2018 1 commit
-
-
Łukasz Nowak authored
Drop not needed references and logic for ssl_ca_crt old implementation.
-
- 20 Nov, 2018 3 commits
-
-
Łukasz Nowak authored
-
Łukasz Nowak authored
-
Łukasz Nowak authored
-
- 14 Nov, 2018 1 commit
-
-
Łukasz Nowak authored
-
- 06 Sep, 2018 5 commits
-
-
Łukasz Nowak authored
Instead of relying on slapos.cookbook:certificate_authority recipe, which stops buildout processing, extract the minimal implementation to runtime key/certificate validator and reject slaves, which does not pass this test. This commits results in TODO item being done.
-
Łukasz Nowak authored
-
Łukasz Nowak authored
Thank to escaping whole command-line it is possible to process buildout dangerous strings, like ${section:option}, pass them to the wrapper, instead of killing the whole profile processing.
-
Łukasz Nowak authored
If the value does not contain "," drop its contents instead of stopping processing of the whole profile.
-
Łukasz Nowak authored
-
- 31 Jul, 2018 2 commits
-
-
Łukasz Nowak authored
-
Łukasz Nowak authored
Features: * jinja2 is used to generate instance templates * downloads are done the same way for all resources * create with shared content for all instance profiles * fill in instance-common with shared sections * render templates late in order to ease its extenension and development * drop not needd duplicated section * drop slap-parameter in frontend and replicate template * simplify monitor configuration * move instance-parameter to instance file Thanks to this only one and topmost profile is reponsible for parsing and passing through the information which comes from the network
-
- 12 Jul, 2018 2 commits
-
-
Łukasz Nowak authored
In those places caddy_custom_https (and it's backward compatbility companion apache_custom_https) was not checked, thus making it impossible to just use https customisation, without http one.
-
Łukasz Nowak authored
caddy_custom_http and caddy_custom_https are implemented and exposed instead of apache_custom_http and apache_custom_https, but with backward compatbility for the latter form from apache-frontend. In TODO mark missing usage of custom http found during work on this commit.
-
- 03 Jul, 2018 1 commit
-
-
Łukasz Nowak authored
Therte is no need to control whitespace adding by Jijna2 and dropping it simplifies the templates. It will allow to take better control over generated configuration files.
-
- 28 Jun, 2018 7 commits
-
-
Łukasz Nowak authored
-
Łukasz Nowak authored
404 is served with notfound.html
-
Łukasz Nowak authored
Those kept are backward compatibility variables from the request.
-
Łukasz Nowak authored
Caddy is able to bind only to all or one interface ( https://github.com/mholt/caddy/issues/864 ) By using 6tunnel this limitation is workarounded, and in the result listen on IPv6. Also drop needless "ipv6" keys across configuration.
-
Łukasz Nowak authored
As the the feature ssl_proxy_ca_crt is not implemented serve immediately 501 Not Implemented.
-
Łukasz Nowak authored
Features: * shared place for Caddy configuration * gather a lot of parameters for caddy executable, as dislike Apache Caddy is configured from command line * dummy vhost for example.org * challanges (ACME SSL) are disabled * bind to interfaces are done per site * cache access is dummy, but working * /server-status redone in Caddy style * antiloris dropped, as this is apache specific * apache_custom_http and apache_custom_https * dropped not needed leftover access-control-string and protected-path * nginx replacement added * bin/caddy-wrapper is provided in order to allow parameterization of caddy over the network * access to log files over http is provided * username on log access is consistent, it is not uppercased like it was originally on apache-frontend * list of TODOs in TODO.rst
-
Łukasz Nowak authored
This will make it easier to track changes.
-
- 13 Jun, 2018 2 commits
-
-
Łukasz Nowak authored
Do not upper filenames nor users, use them as is. /reviewed-on nexedi/slapos!339
-
Łukasz Nowak authored
No custom_http nor custom_https shall publish information normally calculated. /reviewed-on nexedi/slapos!340
-
- 24 Apr, 2018 1 commit
-
-
Łukasz Nowak authored
_ (underscore) is not supported by apache as domain name (https://bugzilla.redhat.com/show_bug.cgi?id=1410130), so avoid using it. /reviewed-on nexedi/slapos!320
-
- 02 Jun, 2017 1 commit
-
-
Rafael Monnerat authored
Wait for 60 to reload apache configuration in order to accumulate several logrotate runs. If the amount of slaves are too high, the number of logs are high, so the entries on logrotate are also high. So it is enough to DDoS with a huge amount of 'kill -1', so delay is the only way to avoid to re-implement logrotate existing features. Only reload the apache configuration if the the apache configuration or the certificates contains a change, else don't reload it. Keep a command on bin folder to force reload of configuration in case it is required.
-
- 24 May, 2017 1 commit
-
-
Rafael Monnerat authored
-
- 03 Apr, 2017 4 commits
-
-
Rafael Monnerat authored
-
Rafael Monnerat authored
-
Rafael Monnerat authored
-
Rafael Monnerat authored
-
- 25 Nov, 2016 1 commit
-
-
Rafael Monnerat authored
-
- 22 Nov, 2016 3 commits
-
-
Rafael Monnerat authored
Introduce NGINX on the same partition of apache to handle websocket\ and eventsource types. The NGINX will run on another port and it would require a second ip at the machine for enable it. This configuration is a working version with fully https support, but some additional adjustments might be required.
-
Rafael Monnerat authored
-
Rafael Monnerat authored
-