Guillaume Hervier / slapos-caddy
Commit 41ecd028, authored May 02, 2017 by Alain Takoudjou
add certificate-authority software release
parent a47d14b8
Showing 5 changed files with 73 additions and 14 deletions
software/certificate-authority/instance.cfg.in +15 -0
software/certificate-authority/software.cfg +21 -0
stack/certificate-authority/buildout.cfg +9 -0
stack/certificate-authority/buildout.hash.cfg +1 -1
stack/certificate-authority/instance-certificate-authority.cfg.jinja2.in +27 -13
software/certificate-authority/instance.cfg.in
0 → 100644
View file @
41ecd028
[buildout]
parts =
publish-connection-parameter
extends =
{{ certificate_authority_template }}
eggs-directory = {{ eggs_directory }}
develop-eggs-directory = {{ develop_eggs_directory }}
offline = true
[publish-connection-parameter]
recipe = slapos.cookbook:publish.serialised
http-url = ${certificate-authority-server:insecure-url}
https-url = ${certificate-authority-server:url}
\ No newline at end of file
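Review bot: [publish-connection-parameter] publishes http-url = ${certificate-authority-server:insecure-url} next to https-url with nothing telling a consumer what the plain-HTTP endpoint is meant for. The stack template only asks for an http scheme for the CRL distribution point, so either name the parameter after that purpose or add a comment here saying that everything other than CRL retrieval should go through https-url. The file also ends without a trailing newline.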
software/certificate-authority/software.cfg
0 → 100644
View file @
41ecd028
[buildout]
extends =
../../stack/certificate-authority/buildout.cfg
../../stack/slapos.cfg
parts =
slapos-cookbook
extra-eggs
template
[template]
recipe = slapos.recipe.template:jinja2
template = ${:_profile_base_location_}/instance.cfg.in
rendered = ${buildout:directory}/template.cfg
mode = 0644
md5sum = c61a8f951e99002753c3a53d0a18b16d
context =
key bin_directory buildout:bin-directory
key develop_eggs_directory buildout:develop-eggs-directory
key eggs_directory buildout:eggs-directory
key certificate_authority_template template-certificate-authority:rendered
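Review bot: the context block passes "key bin_directory buildout:bin-directory", but instance.cfg.in as added in this commit only references certificate_authority_template, eggs_directory and develop_eggs_directory, so that key can be dropped. Separately, the md5sum of instance.cfg.in is hard-coded in [template] here while the stack keeps its template hashes in buildout.hash.cfg; it will have to be updated by hand on every edit of instance.cfg.in, and being MD5 it catches accidental drift, not deliberate tampering.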
stack/certificate-authority/buildout.cfg
View file @
41ecd028
...
...
@@ -75,6 +75,15 @@ SQLAlchemy = 1.1.9
caucase = 0.1.1
futures = 3.1.1
gunicorn = 19.7.1
slapos.recipe.template = 2.10
# Required by:
# Flask-User==0.6.11
passlib = 1.7.1
# Required by:
# caucase==0.1.1
pyasn1 = 0.2.3
# Required by:
# Flask-User==0.6.11
...
...
stack/certificate-authority/buildout.hash.cfg
View file @
41ecd028
...
...
@@ -28,4 +28,4 @@ md5sum = a317d2f948cd3d16c860d05cc07ecf42
[template-certificate-authority]
filename = template-certificate-authority.cfg
md5sum = e097dab69a38e428600b171ce2f6d68c
\ No newline at end of file
md5sum = 5ed16bcece904dd4527210c7453c84ca
\ No newline at end of file
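Review bot: the one md5sum changed here belongs to [template-certificate-authority] with filename = template-certificate-authority.cfg, a file that is not among the five changed in this commit, while instance-certificate-authority.cfg.jinja2.in is changed and no other hash line is touched. Please confirm which file this hash covers and that the entry for the edited template was the one regenerated.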
stack/certificate-authority/instance-certificate-authority.cfg.jinja2.in
View file @
41ecd028
...
...
@@ -8,8 +8,8 @@ parts =
certificate-authority-server
[certificate-authority-parameters]
server-port =
8009
server-https-port =
8010
server-port =
${slap-configuration:configuration.ca-server-port}
server-https-port =
${slap-configuration:configuration.ca-server-https-port}
# Overrite this to set frontend or DNS URL (URL is used as CRL distribution point)
# Please set http not HTTPS scheme
crl-external-url = http://[${slap-configuration:ipv6-random}]:${:server-port}
...
...
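Review bot: crl-external-url is built from ${:server-port}, which this hunk turns into a request parameter, and the comment above it says that URL is used as the CRL distribution point. Changing ca-server-port on an instance that is already running would therefore move the CRL endpoint away from the URL referenced by certificates already issued; document the port as fixed after first deployment, or require crl-external-url to be set explicitly when the port is overridden. The context comment also has a typo, "Overrite".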
@@ -80,11 +80,11 @@ command-line =
recipe = plone.recipe.command
command =
if [ -s "${:key}" ] && [ -s "${:cert}" ]; then
cat << EOF > ${:output}
[ca-nginx-ssl]
key=${:key}
cert=${:cert}
EOF
cat << EOF > ${:output}
[ca-nginx-ssl]
key=${:key}
cert=${:cert}
EOF
fi
key = ${directory:ssl}/ca-cert.key
cert = ${directory:ssl}/ca-cert.crt
...
...
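Review bot: as rendered, the removed and added here-document lines are textually identical, so this is a re-indentation, and the closing EOF is the line that matters. A plain "<< EOF" terminator is only recognised at the start of a line, so if the generated command keeps leading whitespace in front of it the here-document runs on past "fi". Please check the command that plone.recipe.command actually receives. While here, quote the redirect target as "${:output}" to match the quoted "${:key}" and "${:cert}" in the test.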
@@ -133,17 +133,17 @@ input = inline:
# enable debug
# debug
# log-file ${directory:log}/ca-server.log
subject
/C=XX/ST=State/L=City/OU=OUnit/O=Company/CN=SlapOS Certificate Authority/emailAddress=xx@example.com
max-request-amount
10
subject
${slap-configuration:configuration.ca-subject}
max-request-amount
${slap-configuration:configuration.max-request-amount}
external-url ${certificate-authority-parameters:crl-external-url}
# one year (in seconds)
crt-life-time
31536000
crt-life-time
${slap-configuration:configuration.crt-life-time}
# crl-life-period correspond to about one week
crl-life-period
0.02
crl-life-period
${slap-configuration:configuration.crl-life-period}
# ca-life-time = ca-life-period * crt-life-time
ca-life-period
10
ca-life-period
${slap-configuration:configuration.ca-life-period}
# time before clean certificate on CA: 60*24*60*60
crt-keep-time
5184000
crt-keep-time
${slap-configuration:configuration.crt-keep-time}
output = ${directory:etc}/ca.conf
mode = 700
...
...
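Review bot: subject, max-request-amount, crt-life-time, crl-life-period, ca-life-period and crt-keep-time are now copied verbatim from slap-configuration into ca.conf with no validation. These values decide certificate and CRL lifetimes, so check before rendering that the numeric ones parse as positive numbers and that the subject contains /CN= (the defaults hunk notes it is required), and fail the instance otherwise. The comments left in place, such as "# one year (in seconds)" and "about one week", now describe the defaults rather than the value in effect and belong beside the defaults only.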
@@ -239,3 +239,17 @@ partition = ${slap-connection:partition-id}
url = ${slap-connection:server-url}
key = ${slap-connection:key-file}
cert = ${slap-connection:cert-file}
configuration.ca-server-port = 8009
configuration.ca-server-https-port = 8010
# /CN=XXX is required
configuration.ca-subject = /C=Country/ST=State/L=City/OU=O-Unit/O=Company/CN=SlapOS Certificate Authority/emailAddress=xx@example.com
configuration.max-request-amount = 10
# one year (in seconds)
configuration.crt-life-time = 31536000
# crl-life-period correspond to about one week
configuration.crl-life-period = 0.02
# ca-life-period = ca-life-period * crt-life-time
configuration.ca-life-period = 10
# time before clean certificate on CA: 60*24*60*60
configuration.crt-keep-time = 5184000
\ No newline at end of file
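Review bot: configuration.ca-subject defaults to a placeholder subject (O=Company, emailAddress=xx@example.com), so an instance requested without that parameter will create its CA under a placeholder identity; consider making the subject mandatory or refusing the placeholder value. The comment "# ca-life-period = ca-life-period * crt-life-time" is self-referential; the ca.conf section of the same template has it as "# ca-life-time = ca-life-period * crt-life-time". The file still ends without a trailing newline.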