  1. 13 Mar, 2019 2 commits
    • caddy-frontend: Implement KeDiFa SSL information · bc2b1742
      Łukasz Nowak authored
      Use KeDiFa to store keys, and transmit the url to the requester for master
      and slave partitions.
      
      Download keys on the slave partitions level.
      
      Use caucase to fetch main caucase CA.
      
      kedifa-caucase-url is published in order to have access to it.
      
      Note: caucase is prepended with kedifa, as this is that one.
      
      Use kedifa-csr tool to generate CSR and use caucase-updater macro.
      
      Switch to KeDiFa with SSL Auth and updated goodies.
      
      KeDiFa endpoint URLs are randomised.
      
      Only one (first) user certificate is going to be automatically accepted. This
      one shall be operated by the cluster owner, the requester of frontend master
      partition.
      
      Then he will be able to sign certificates for other users and also for
      services - so each node in the cluster.
      
      Special trick from https://security.stackexchange.com/questions/74345/provide-subjectaltname-to-openssl-directly-on-command-line
      is used for one command generation of extensions in the certificate.
      Note: We could upgrade to openssl 1.1.1 in order to have it really
      simplified (see https://security.stackexchange.com/a/183973 )
      
      Improve CSR readability by creating cluster-identification, which is master
      partition title, and use it as Organization of the CSR.
      
      Reserve slots for data exchange in KeDiFa.
    • fb37422b
  2. 07 Dec, 2018 1 commit
  3. 03 Dec, 2018 2 commits
  4. 12 Sep, 2018 1 commit
  5. 06 Sep, 2018 1 commit
    • caddy-frontend: Dependencies on instances · 8d868048
      Łukasz Nowak authored
      Create caddyprofiledeps egg with dummy noop recipe.
      
      Thanks to setting dependencies of this egg and enabling it on the instance
      profile, buildout will install eggs during software run and activate them
      during instance run.
      
      No existing egg (like slapos.cookbook) is used, as this technique is to allow
      profile/software release developer to choose required eggs used during
      instantiation.
      
      Another approach would be to add dependency for validators in
      slapos.recipe.template (in install_requires).
  6. 31 Jul, 2018 2 commits
    • 615f4977
    • caddy-frontend: Modernize profiles · 9d866327
      Łukasz Nowak authored
      Features:
      
       * jinja2 is used to generate instance templates
       * downloads are done the same way for all resources
       * create with shared content for all instance profiles
       * fill in instance-common with shared sections
       * render templates late in order to ease their extension and development
       * drop not needed duplicated section
       * drop slap-parameter in frontend and replicate template
       * simplify monitor configuration
       * move instance-parameter to instance file
         Thanks to this only one and topmost profile is responsible for parsing and
         passing through the information which comes from the network
  7. 27 Jul, 2018 1 commit
  8. 28 Jun, 2018 5 commits
    • caddy-frontend: Drop not needed apache references · 4300660a
      Łukasz Nowak authored
      Those kept are backward compatibility variables from the request.
    • caddy-frontend: Server on IPv6 · af78aeb3
      Łukasz Nowak authored
      Caddy is able to bind only to all or one interface
      ( https://github.com/mholt/caddy/issues/864 )
      
      By using 6tunnel this limitation is worked around, and as a result it listens on IPv6.
      
      Also drop needless "ipv6" keys across configuration.
    • caddy-frontend: Working implementation · 4ba968e4
      Łukasz Nowak authored
      Features:
      
       * shared place for Caddy configuration
       * gather a lot of parameters for caddy executable, as unlike Apache
         Caddy is configured from command line
       * dummy vhost for example.org
       * challenges (ACME SSL) are disabled
       * bind to interfaces are done per site
       * cache access is dummy, but working
       * /server-status redone in Caddy style
       * antiloris dropped, as this is apache specific
       * apache_custom_http and apache_custom_https
       * dropped not needed leftover access-control-string and protected-path
       * nginx replacement added
       * bin/caddy-wrapper is provided in order to allow parameterization of caddy
         over the network
       * access to log files over http is provided
         * username on log access is consistent, it is not uppercased like it was
           originally on apache-frontend
       * list of TODOs in TODO.rst
    • 97ef6396
    • caddy-frontend: Copy of apache-frontend original · dbb00241
      Łukasz Nowak authored
      This will make it easier to track changes.
  9. 02 Jun, 2017 1 commit
    • apache-frontend: Delay reload apache configuration · 49e2a2ae
      Rafael Monnerat authored
        Wait for 60 to reload apache configuration in order to accumulate
        several logrotate runs.
      
        If the amount of slaves is too high, the number of logs is high,
        so the entries on logrotate are also high. So it is enough to DDoS
        with a huge amount of 'kill -1', so delay is the only way to avoid
        re-implementing logrotate existing features.
      
        Only reload the apache configuration if the apache configuration
        or the certificates contain a change, else don't reload it.
      
        Keep a command on bin folder to force reload of configuration in
        case it is required.
  10. 24 Mar, 2017 2 commits
  11. 10 Mar, 2017 1 commit
  12. 01 Mar, 2017 1 commit
  13. 28 Feb, 2017 2 commits
  14. 25 Nov, 2016 2 commits
  15. 22 Nov, 2016 7 commits
  16. 28 Oct, 2016 1 commit
  17. 26 Oct, 2016 1 commit
  18. 25 Oct, 2016 3 commits
  19. 24 Oct, 2016 1 commit
  20. 19 Oct, 2016 1 commit
  21. 22 Sep, 2016 1 commit
  22. 25 Aug, 2016 1 commit