| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
Old ones had expired
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is a new instance that can be used as an artifact cache by the
BuildStream build tool. Anyone can download artifacts over HTTPS.
Those given SSH access to the machine can write to the artifact cache
(this will likely be limited to automated build machines).
DNS is now set to point cache.baserock.org and ostree.baserock.org to
the HAProxy frontend.
The SSL certificate for the frontend-haproxy system has been regenerated
to include the cache.baserock.org and ostree.baserock.org domains.
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
| |
Combination of "ISRG Root X1" and "Encrypt Authority X3" certificates
downloaded from https://letsencrypt.org/certificates/
|
|
|
|
|
|
|
|
| |
These are public and can be downloaded from https://www.startssl.com/certs/
- https://www.startssl.com/certs/sub.class2.server.ca.pem
- https://www.startssl.com/certs/ca.pem
Change-Id: Ia2e1c2702fbd48f0f3bdd37dfc6044c5d0a94875
|
|
This is implemented with the HAProxy frontend doing 'SSL termination'.
So internal traffic between the frontend_haproxy instance and the
various machines serving content is unencrypted HTTP as before, but all
traffic that goes over the public internet is encrypted now.
Note that storyboard.baserock.org is not behind HAProxy, and currently
uses a different, self-signed certificate.
Change-Id: I9140def605fe26c9c613066fa6524e3cf817f97c
|