- 26 Sep, 2023 5 commits
-
-
Jérome Perrin authored
This reverts commit 6c399134.
-
Jérome Perrin authored
This change the format or the (mostly) unused frontend parameter to support requesting more than one frontend and also enable the request of a frontend by default, so that requesting a frontend separately is no longer needed. The `frontend` parameter now also supports requesting frontends for specific paths on the ERP5 backend, the example below requests a frontend serving directly a web site, with the necessary rewrite rules: ```js { "frontend": { "default": { "internal-path": "/erp5/web_site_module/renderjs_runner/" } } } ``` The example below requests a default frontend to the erp5 root, to access the ZMI or erp5_xhtml_style interface and two web sites: ```js { "frontend": { "default": {}, "erp5js": { "internal-path": "/erp5/web_site_module/renderjs_runner/" }, "crm": { "internal-path": "/erp5/web_site_module/erp5_officejs_support_request_ui/" } } } ``` The example below has an explicit definition of the zope families using `zope-partition-dict` parameter, because there are no family named "default", no frontend is requested by default: ```js { "zope-partition-dict": { "backoffice": { "family": "backoffice" }, "web": { "family": "web" }, "activities": { "family": "activities" } } } ``` Continuing this example, to have frontends for backoffice and web families, the frontend request can specify the families, like it is demonstrated in the example below. In this example, we don't specify an entry for "activities" family, so no frontend will be requested for this family. ```js { "frontend": { "backoffice": { "zope-family": "backoffice" }, "web": { "zope-family": "web", "internal-path": "/erp5/web_site_module/web_site/" } } "zope-partition-dict": { "backoffice": { "family": "backoffice" }, "web": { "family": "web" }, "activities": { "family": "activities" } } } ```
-
Jérome Perrin authored
We configure haproxy with "verify optional", which makes haproxy request a client certificate, but accept the case where client does not present a certificate, but as described in [1], if client present a certificate and this certificate can not be verified, handshake is aborted. This is not what we want, we want to treat the case of a non verified certificate same as the case of the absence of certificate. This configures haproxy accordingly, using "crt-ignore-err all" to allow handshake anyway. Once this was fixed, there was a remaining problem with client_cert_verified acl, haproxy acl are OR, but this rule was supposed to be a AND (client present a certificate AND it is verified), this was rewritten to use inline condition which are AND. [1]: https://cbonte.github.io/haproxy-dconv/1.8/configuration.html#5.1-verify Also adjust test_x_forwarded_for_stripped_when_no_certificate to assert that there is no X-Forwarded-For header at all when no client certificate.
-
Jérome Perrin authored
-
Jérome Perrin authored
-
- 22 Sep, 2023 3 commits
-
-
Titouan Soulard authored
-
Titouan Soulard authored
-
Jérome Perrin authored
-
- 20 Sep, 2023 1 commit
-
-
Jérome Perrin authored
-
- 18 Sep, 2023 1 commit
-
-
Titouan Soulard authored
-
- 14 Sep, 2023 3 commits
-
-
Thomas Gambier authored
-
Thomas Gambier authored
-
Thomas Gambier authored
-
- 13 Sep, 2023 1 commit
-
-
Thomas Gambier authored
See merge request nexedi/slapos!1404
-
- 12 Sep, 2023 2 commits
-
-
Titouan Soulard authored
-
Jérome Perrin authored
-
- 04 Sep, 2023 9 commits
-
-
Joanne Hugé authored
-
Joanne Hugé authored
-
Joanne Hugé authored
-
Joanne Hugé authored
-
Joanne Hugé authored
-
Joanne Hugé authored
-
Joanne Hugé authored
-
Joanne Hugé authored
-
Lu Xu authored
- activate cu_config_link parameter - update cu-config.xml - add supervision log and nc session log
-
- 01 Sep, 2023 6 commits
-
-
Kazuhiko Shiozaki authored
-
Kazuhiko Shiozaki authored
-
Kazuhiko Shiozaki authored
-
Kazuhiko Shiozaki authored
-
Kazuhiko Shiozaki authored
-
Kazuhiko Shiozaki authored
-
- 31 Aug, 2023 3 commits
-
-
Thomas Gambier authored
-
Thomas Gambier authored
-
Thomas Gambier authored
we should definitely get rid of this old golang version by upgrading gitlab
-
- 30 Aug, 2023 6 commits
-
-
Thomas Gambier authored
-
Thomas Gambier authored
This is needed for Debian 12
-
Thomas Gambier authored
-
Thomas Gambier authored
-
Thomas Gambier authored
This is needed on Debian12 so that binutils can recognize the system libraries. Without this upgrade we have the following error when trying to build gcc8.5 on Debian12: /opt/slapgrid/shared/binutils/ea3cf4e44b2944e805d9fe6387a4eeb0/bin/ld: /lib/x86_64-linux-gnu/libc.so.6: unknown type [0x13] section `.relr.dyn'
-
Thomas Gambier authored
-