An error occurred fetching the project authors.
  1. 09 Jan, 2023 2 commits
    • Łukasz Nowak's avatar
      rapid-cdn: c->h: Start switch from Caddy to Haproxy · 44d9483c
      Łukasz Nowak authored
      mpm-graceful-shutdown-timeout is dropped, as it's historical leftover and never
      really useful in the caddy-frontend CDN usage context - stopping the server is
      the most rare situation, and any grace period is solved eventually outside of
      the running process (like redirecting traffic elsewhere before stopping).
      44d9483c
    • Łukasz Nowak's avatar
      rapid-cdn: Introduce · 643457a3
      Łukasz Nowak authored
      It's based on phased out caddy-frontend, especially as next step is to drop
      Caddy software from the software release.
      643457a3
  2. 15 Dec, 2022 1 commit
  3. 19 Oct, 2022 1 commit
    • Łukasz Nowak's avatar
      Fix "caddy-frontend: Check log files last in the test" · 8ef8118c
      Łukasz Nowak authored
      Running test as last makes no sense nowadays, as the site is fully prepared.
      Awaiting for each possible log of configured frontend is not worth the
      requirement, so make those tests as first ones, which simplifies running only
      them with reproducible effect.
      
      All tests which could be affected by that fact has been identified and changed.
      8ef8118c
  4. 27 Jul, 2022 1 commit
  5. 07 Mar, 2022 1 commit
    • Łukasz Nowak's avatar
      caddy-frontend: Switch to full CSR analysis · 615bfd3e
      Łukasz Nowak authored
      Instead of trusting CSR id published by the node which tries to join the
      cluster add a tool which is able to compare exposed CSR with one in caucase
      and then decide to accept node in the cluster. This tool does what usual user
      would do, and it's logic implemented as a script leads to much simpler profiles.
      
      For sake of clean profiles csr_id has been removed, except when it's used for
      self joining of the user to the cluster.
      615bfd3e
  6. 15 Sep, 2020 1 commit
  7. 17 Jul, 2020 3 commits
    • Łukasz Nowak's avatar
      caddy-frontend: Setup backend client auth · 3be5f4ce
      Łukasz Nowak authored
      By default do not offer authentication certificate, the switch
      authenticate-to-backend can be used on cluster or slave level to control
      this feature.
      3be5f4ce
    • Łukasz Nowak's avatar
      caddy-frontend: Implement log file for backend-haproxy · 5b024d04
      Łukasz Nowak authored
      rsyslogd is used, as haproxy does not support writing log files by its own.
      5b024d04
    • Łukasz Nowak's avatar
      caddy-frontend: Put haproxy just before the backend · ec3d4ae9
      Łukasz Nowak authored
      This is needed in order to provide future support for client certificates
      to the backend.
      
      Also it means that haproxy is used in all cases, with or without cache, and as
      a result the "cached" version of caddy is dropped.
      
      Let haproxy setup maxconn by itself, as it's wise enough.
      
      Also trust that it'll detect and use proper limits, instead enforcing them in
      the shell with ulimit trick (ulimit -n $(ulimit -Hn)).
      
      As empty server alias can impact the configuration, add proper test for
      checking it.
      ec3d4ae9
  8. 22 Jun, 2020 1 commit
  9. 02 Mar, 2020 2 commits
  10. 20 Feb, 2020 1 commit
  11. 06 Nov, 2019 1 commit
  12. 20 Jun, 2019 1 commit
    • Łukasz Nowak's avatar
      caddy-frontend: Add promise for rejected slaves · 2a6967d6
      Łukasz Nowak authored
      Frontend operator shall have easy access to information about rejected
      slaves, possibly the best in the JSON file.
      
      Also the keys for the human readable information are slave's titles, not
      references.
      
      The information is published via hand crafted HTTPS endpoint.
      
      Note: The SSL certificate is generated manually. Existing caucase is special
            for KeDiFa, this is another step to move all generated certificates (or
            otherwise self-signed) to internal, full automatic caucase.
      2a6967d6
  13. 28 May, 2019 2 commits
  14. 23 Apr, 2019 1 commit
  15. 12 Apr, 2019 1 commit
    • Łukasz Nowak's avatar
      caddy-frontend: Pick up kedifa with async updater · 25902c06
      Łukasz Nowak authored
      Instead of fetching certificates on each slapos node instance use new
      kedifa-updater, which is a tool to asynchronously fetch certificates and
      has a hook to reload the server in case if new certificate is available.
      
      custom_ssl_directory is NOT BBB
      25902c06
  16. 26 Mar, 2019 1 commit
  17. 13 Mar, 2019 1 commit
  18. 06 Mar, 2019 1 commit
  19. 14 Jan, 2019 1 commit
  20. 13 Dec, 2018 1 commit
  21. 26 Oct, 2018 1 commit
  22. 28 Jun, 2018 1 commit
    • Łukasz Nowak's avatar
      caddy-frontend: Test cases · 6afa5ef0
      Łukasz Nowak authored
      Features:
      
       * forcediphttpsadapter for SNI
       * compatbile with apache-frontend SR
       * local server to test against
       * supervisor state checks
       * promise list checks
       * test data (to save/load textual assertions)
       * own root CA for HTTPs backend
      6afa5ef0