An error occurred fetching the project authors.
- 17 Jul, 2020 1 commit
-
-
Łukasz Nowak authored
This is needed in order to provide future support for client certificates to the backend. Also it means that haproxy is used in all cases, with or without cache, and as a result the "cached" version of caddy is dropped. Let haproxy setup maxconn by itself, as it's wise enough. Also trust that it'll detect and use proper limits, instead enforcing them in the shell with ulimit trick (ulimit -n $(ulimit -Hn)). As empty server alias can impact the configuration, add proper test for checking it.
-
- 22 Jun, 2020 2 commits
-
-
Łukasz Nowak authored
-
Łukasz Nowak authored
Customized configuration support is not used since introduction of Caddy software, so there is no need to support it anymore.
-
- 04 May, 2020 1 commit
-
-
Łukasz Nowak authored
As https-only becomes default, tests are adapted in order to follow new approach, case by case, or the redirect http->https is asserted, or https access is used instead of http.
-
- 09 Oct, 2019 1 commit
-
-
Cédric Le Ninivin authored
-
- 28 Aug, 2019 1 commit
-
-
Jérome Perrin authored
-
- 18 Jul, 2019 1 commit
-
-
Łukasz Nowak authored
/reviewed-on nexedi/slapos!597
-
- 19 Jun, 2019 1 commit
-
-
Łukasz Nowak authored
ssl_ca_crt is still supported and needed in the UI, so put it back with DEPRECATED information.
-
- 14 Jun, 2019 1 commit
-
-
Łukasz Nowak authored
In "caddy-frontend: Implement KeDiFa SSL information" the certificates were dropped from the schema, but still internally supported. This lead to missing UI fields for still supported parameters. Reintroduced them with OBSOLETE mark. /reviewed-on nexedi/slapos!574
-
- 23 Apr, 2019 2 commits
-
-
Łukasz Nowak authored
By default whole slave makes websocket connection to the backend. With websocket-path, only the path has websocket style connections, the rest is standard HTTP.
-
Łukasz Nowak authored
notebook is implemented.
-
- 12 Apr, 2019 1 commit
-
-
Łukasz Nowak authored
-
- 13 Mar, 2019 1 commit
-
-
Łukasz Nowak authored
Use KeDiFa to store keys, and transmit the url to the requester for master and slave partitions. Download keys on the slave partitions level. Use caucase to fetch main caucase CA. kedifa-caucase-url is published in order to have access to it. Note: caucase is prepended with kedifa, as this is that one. Use kedifa-csr tool to generate CSR and use caucase-updater macro. Switch to KeDiFa with SSL Auth and updated goodies. KeDiFa endpoint URLs are randomised. Only one (first) user certificate is going to be automatically accepted. This one shall be operated by the cluster owner, the requester of frontend master partition. Then he will be able to sign certificates for other users and also for services - so each node in the cluster. Special trick from https://security.stackexchange.com/questions/74345/provide-subjectaltname-to-openssl-directly-on-command-line is used for one command generation of extensions in the certificate. Note: We could upgrade to openssl 1.1.1 in order to have it really simplified (see https://security.stackexchange.com/a/183973 ) Improve CSR readability by creating cluster-identification, which is master partition title, and use it as Organization of the CSR. Reserve slots for data exchange in KeDiFa.
-
- 29 Jan, 2019 1 commit
-
-
Thomas Gambier authored
-
- 06 Dec, 2018 1 commit
-
-
Łukasz Nowak authored
-
- 20 Nov, 2018 1 commit
-
-
Łukasz Nowak authored
-
- 03 Sep, 2018 3 commits
-
-
Łukasz Nowak authored
-
Łukasz Nowak authored
-
Jérome Perrin authored
-
- 12 Jul, 2018 1 commit
-
-
Łukasz Nowak authored
caddy_custom_http and caddy_custom_https are implemented and exposed instead of apache_custom_http and apache_custom_https, but with backward compatbility for the latter form from apache-frontend. In TODO mark missing usage of custom http found during work on this commit.
-
- 28 Jun, 2018 1 commit
-
-
Łukasz Nowak authored
-