| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
| |
Also, move it into baserock_frontend so it is clearly differentiated
from the upstream definitions.git stuff.
It's now based off Fedora 21 instead of Fedora 20.
This is now deployed at baserock.org.
Change-Id: Icaabc84f9513d08479d8d22c19e8b632ac5108b5
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This is implemented with the HAProxy frontend doing 'SSL termination'.
So internal traffic between the frontend_haproxy instance and the
various machines serving content is unencrypted HTTP as before, but all
traffic that goes over the public internet is encrypted now.
Note that storyboard.baserock.org is not behind HAProxy, and currently
uses a different, self-signed certificate.
Change-Id: I9140def605fe26c9c613066fa6524e3cf817f97c
|
| |
|
|
| |
Change-Id: I630b2e3edeedc7f52ae1b1b4e5bb12019b6ce541
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
We allow through SSH on port 29418 and HTTP on port 80.
A downside of using HAProxy for this is that SSH traffic to port 29418
will be accepted for openid.baserock.org too. So gerrit.baserock.org
should not go through HAProxy after all. I will change this later.
|
| |
|
|
|
|
|
|
|
| |
Note that by default the systemd journal doesn't have any limit on the
amount of disk space it uses, and this system uses the default
configuration so it will eventually fill its own disk up with logs.
Switching to Ansible for provisioning this system should make it easier
to fix this.
|
|
|
This will in future be the only system that has a public IP, and will
proxy requests to the correct instances according to the subdomain and
possibly path of the request.
|
