Commit Graph

123 Commits (master)

Author SHA1 Message Date
eric 88a50073de Merge remote-tracking branch 'Gluejar/master' 2018-06-09 15:54:14 -04:00
eric bb29fc3d1f remove gluejar.com 2017-11-18 16:34:56 -05:00
Raymond Yee b700ff7faa delete the various specific apache conf files (which are no longer needed because we have teh apache.conf.j2 template) 2017-03-22 14:23:01 -07:00
Raymond Yee 505c3cedd3 simplify please.conf 2017-03-21 11:10:30 -07:00
Raymond Yee 2793d40739 update of Apache config file for please.conf 2017-03-21 11:10:30 -07:00
Raymond Yee 7c576f89d2 trying a new fix for 403 error from https://docs.djangoproject.com/en/1.10/howto/deployment/wsgi/modwsgi/ 2017-03-21 11:10:30 -07:00
Raymond Yee 5da956a06b in progress: working on changes needed for please 2017-03-21 11:10:30 -07:00
Raymond Yee c692b6dd0b basic structure for just and please -- though I've not modified templates yet
please GOODREADS keys in place
2016-12-05 15:09:31 -08:00
Raymond Yee 16c78485ea try to build just and please with a setting coming from secrets.yml 2016-11-16 17:21:22 -08:00
Raymond Yee 197eb5b628 add a line return to the .sh 2016-11-14 07:55:32 -08:00
Raymond Yee f27ebac6d7 gzip file in dump.sh 2016-11-14 07:52:50 -08:00
Raymond Yee 298dca48b3 clean up .pyc and empty directories with software update 2016-09-12 11:30:25 -07:00
Raymond Yee ef626c1b47 update update-just and update-prod 2016-09-07 19:24:47 -07:00
Raymond Yee 29d8678646 update just.wsgi and regluit.wsgi to match please.wsgi 2016-09-07 19:18:21 -07:00
Raymond Yee 5dbcee7213 modify script used to dump sql to include table definition for core_key 2016-08-30 13:26:11 -07:00
Raymond Yee 7c1a179fc4 forgot to fix update-* scripts for new celery configuration 2016-06-28 12:05:38 -07:00
Raymond Yee 59d9ed4a17 change the various crontabs
add notebooks/fix_build_3550.ipynb, which is not directly related to celery
2016-06-24 14:23:03 -07:00
Raymond Yee af20692b91 need return on crontab_please.txt 2016-06-23 12:32:21 -07:00
Raymond Yee 661c1b6b02 need to fix path in crontab 2016-06-23 11:55:44 -07:00
Raymond Yee 32503802a2 celery multi not seeing Django config --> replace with django-admin.py celeryd_multi restart w1 2016-06-23 10:48:43 -07:00
Raymond Yee f8411fe310 escape % in crontab and dev.yml 2016-06-22 15:55:42 -07:00
Raymond Yee f1ace96371 attempt to run celery without sudo 2016-06-21 19:49:50 -07:00
Raymond Yee 34b9df63ff Merge branch 'master' into dj16 2016-05-09 17:45:41 -07:00
Raymond Yee c0afa2cc95 fix output log for prod.conf: switch from logrotate to cronolog 2016-05-09 14:52:46 -07:00
Raymond Yee 1699c8af7d add dump_db_prod.sh 2016-05-09 14:32:58 -07:00
Raymond Yee 8211e5d3af first pass at getting vagrant/ansible working for prod 2016-05-09 14:11:49 -07:00
Raymond Yee a1c1b3a80e Merge branch 'master' into dj16 2016-05-07 16:06:31 -07:00
Raymond Yee 93ae8bca12 move from logrotate to cronolog 2016-05-02 15:58:20 -07:00
Raymond Yee b35e09a263 upgrades in celery related modules to deal with upgrade to Python 2.7.11, etc
ALLOWED_HOSTS settign needed now
upgrade wsgi file (just in case)
2016-04-11 15:38:49 -07:00
eric 60bc236ab4 init mimetypes 2016-03-25 14:13:39 -04:00
Raymond Yee eb0f51f1b7 make apache config 2.2 and 2.4 compatible 2015-07-03 11:06:54 -07:00
Raymond Yee e04ad9e915 changes to make things work for trusty64 on localvm 2015-07-03 11:06:54 -07:00
Raymond Yee cb55b83090 using xip.io to map a test server URL.
specifically 192.168.33.10.xip.io
2015-07-03 11:06:54 -07:00
Raymond Yee 56a5c17f1c trying localvm.test as a test domain 2015-07-03 11:06:54 -07:00
Raymond Yee 55ec76d283 forgot localvm.wsgi
fix apache config file to hopefully do redirect correctly -- hardcoding localvm as a name for the address for localvm vm.
2015-07-03 11:06:54 -07:00
Raymond Yee 7d76df7007 first pass at localvm 2015-07-03 11:06:54 -07:00
Raymond Yee db3c790bcb next iteration on getting just running 2015-05-16 13:30:09 -07:00
Raymond Yee 8f3051ffd3 get rid of public keys for Andromeda, Ed, and Jason 2015-05-16 13:30:09 -07:00
Raymond Yee 764da41d36 fix problem in crontab for please 2015-05-08 15:13:24 -07:00
Raymond Yee ee156ba061 add an entry in the crontab to create necessary celerybeat stuff on reboot 2015-05-08 15:01:38 -07:00
Raymond Yee cb0c647d1a * making progress on building please.unglue.it
* updating requirements_versioned.pip to handle Pyzotero
2015-05-04 10:51:12 -07:00
Raymond Yee 486e474fc3 Set the SSL configuration to that generated by
https://mozilla.github.io/server-side-tls/ssl-config-generator/
intermediate mode
2015.03.04   (with Apache v 2.2.22 and OpenSSL 1.0.1 and HSTS enabled)
2015-03-11 10:10:48 -07:00
Raymond Yee 949f22415b a modern configuration from https://mozilla.github.io/server-side-tls/ssl-config-generator/ 2015-03-10 16:07:15 -07:00
Raymond Yee cdb84dfffa Working conclusion: use the configuration:
SSLProtocol             all -SSLv2 -SSLv3
SSLCipherSuite          ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
SSLHonorCipherOrder     on
2015-03-10 15:48:02 -07:00
Raymond Yee 2e274b4e2b config without RC4
://community.qualys.com/blogs/securitylabs/2013/08/05/configuring-apache-nginx-and-openssl-for-forward-secrecy
2015-03-05 12:30:47 -08:00
Raymond Yee 8506df2480 need "" around ciphers 2015-03-05 12:26:40 -08:00
Raymond Yee 2685940069 ooops typo 2015-03-05 12:25:34 -08:00
Raymond Yee c9a0fc8ee7 tweak from the article
SSLCipherSuite EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS +RC4 RC4
2015-03-05 12:24:20 -08:00
Raymond Yee bcc1abed00 Now let's try https://community.qualys.com/blogs/securitylabs/2013/08/05/configuring-apache-nginx-and-openssl-for-forward-secrecy 2015-03-05 12:15:12 -08:00
Raymond Yee 25b8749206 Let's see what using the old configuration to be more compatible with old browsers does for the ssl test 2015-03-05 12:07:30 -08:00