Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
slapos
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Léo-Paul Géneau
slapos
Commits
7906b01c
Commit
7906b01c
authored
Jan 11, 2024
by
Titouan Soulard
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
software/slapos-master: allow disabling CRL check
parent
31c5f124
Changes
3
Hide whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
8 additions
and
3 deletions
+8
-3
software/slapos-master/apache-backend.conf.in
software/slapos-master/apache-backend.conf.in
+3
-1
software/slapos-master/buildout.hash.cfg
software/slapos-master/buildout.hash.cfg
+2
-2
software/slapos-master/instance-balancer.cfg.in
software/slapos-master/instance-balancer.cfg.in
+3
-0
No files found.
software/slapos-master/apache-backend.conf.in
View file @
7906b01c
...
...
@@ -163,13 +163,15 @@ Listen {{ ip }}:{{ port }}
{% endfor -%}
<VirtualHost *:{{ port }}>
SSLEngine on
{% if enable_authentication and parameter_dict['shared-ca-cert']
and parameter_dict['shared-crl']
-%}
{% if enable_authentication and parameter_dict['shared-ca-cert'] -%}
SSLVerifyClient require
# Custom block we use for now different parameters.
RequestHeader set Remote-User %{SSL_CLIENT_S_DN_CN}s
SSLCACertificateFile {{ parameter_dict['shared-ca-cert'] }}
{% if parameter_dict['shared-crl'] -%}
SSLCARevocationCheck chain
SSLCARevocationPath {{ parameter_dict['shared-crl'] }}
{% endif -%}
LogFormat "%h %l %{Remote-User}i %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %D" service
...
...
software/slapos-master/buildout.hash.cfg
View file @
7906b01c
...
...
@@ -18,11 +18,11 @@ md5sum = 15744bc9aa87585a64cb0050263e3142
[template-balancer]
filename = instance-balancer.cfg.in
md5sum =
da8399562377b472c9488a337d0230dc
md5sum =
e5f505b65e15346c4ea9a8c73796c1f1
[template-apache-backend-conf]
filename = apache-backend.conf.in
md5sum =
6cf13e8f5545d241e6514503f9824b02
md5sum =
596309dd5d1a9e16f9fc95354bbfc515
[template-haproxy-cfg]
filename = haproxy.cfg.in
...
...
software/slapos-master/instance-balancer.cfg.in
View file @
7906b01c
...
...
@@ -4,6 +4,7 @@
{% set ssl_parameter_dict = slapparameter_dict['ssl'] -%}
{% set frontend_caucase_url_list = ssl_parameter_dict.get('frontend-caucase-url-list', []) -%}
{% set shared_ca_path = slapparameter_dict.get('shared-certificate-authority-path') -%}
{% set check_crl = slapparameter_dict.get('check-crl', True) -%}
{#
XXX: This template only supports exactly one IPv4 and (if ipv6 is used) one IPv6
per partition. No more (undefined result), no less (IndexError).
...
...
@@ -174,8 +175,10 @@ crl = ${apache-conf-ssl:crl}
{% if shared_ca_path -%}
shared-ca-cert = {{ shared_ca_path }}/cacert.pem
{% if check_crl -%}
shared-crl = {{ shared_ca_path }}/crl
{%- endif %}
{%- endif %}
[apache-conf]
< = jinja2-template-base
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment