Raymond Yee
b700ff7faa
delete the various specific apache conf files (which are no longer needed because we have teh apache.conf.j2 template)
2017-03-22 14:23:01 -07:00
Raymond Yee
505c3cedd3
simplify please.conf
2017-03-21 11:10:30 -07:00
Raymond Yee
2793d40739
update of Apache config file for please.conf
2017-03-21 11:10:30 -07:00
Raymond Yee
7c576f89d2
trying a new fix for 403 error from https://docs.djangoproject.com/en/1.10/howto/deployment/wsgi/modwsgi/
2017-03-21 11:10:30 -07:00
Raymond Yee
5da956a06b
in progress: working on changes needed for please
2017-03-21 11:10:30 -07:00
Raymond Yee
c692b6dd0b
basic structure for just and please -- though I've not modified templates yet
...
please GOODREADS keys in place
2016-12-05 15:09:31 -08:00
Raymond Yee
16c78485ea
try to build just and please with a setting coming from secrets.yml
2016-11-16 17:21:22 -08:00
Raymond Yee
197eb5b628
add a line return to the .sh
2016-11-14 07:55:32 -08:00
Raymond Yee
f27ebac6d7
gzip file in dump.sh
2016-11-14 07:52:50 -08:00
Raymond Yee
298dca48b3
clean up .pyc and empty directories with software update
2016-09-12 11:30:25 -07:00
Raymond Yee
ef626c1b47
update update-just and update-prod
2016-09-07 19:24:47 -07:00
Raymond Yee
29d8678646
update just.wsgi and regluit.wsgi to match please.wsgi
2016-09-07 19:18:21 -07:00
Raymond Yee
5dbcee7213
modify script used to dump sql to include table definition for core_key
2016-08-30 13:26:11 -07:00
Raymond Yee
7c1a179fc4
forgot to fix update-* scripts for new celery configuration
2016-06-28 12:05:38 -07:00
Raymond Yee
59d9ed4a17
change the various crontabs
...
add notebooks/fix_build_3550.ipynb, which is not directly related to celery
2016-06-24 14:23:03 -07:00
Raymond Yee
af20692b91
need return on crontab_please.txt
2016-06-23 12:32:21 -07:00
Raymond Yee
661c1b6b02
need to fix path in crontab
2016-06-23 11:55:44 -07:00
Raymond Yee
32503802a2
celery multi not seeing Django config --> replace with django-admin.py celeryd_multi restart w1
2016-06-23 10:48:43 -07:00
Raymond Yee
f8411fe310
escape % in crontab and dev.yml
2016-06-22 15:55:42 -07:00
Raymond Yee
f1ace96371
attempt to run celery without sudo
2016-06-21 19:49:50 -07:00
Raymond Yee
34b9df63ff
Merge branch 'master' into dj16
2016-05-09 17:45:41 -07:00
Raymond Yee
c0afa2cc95
fix output log for prod.conf: switch from logrotate to cronolog
2016-05-09 14:52:46 -07:00
Raymond Yee
1699c8af7d
add dump_db_prod.sh
2016-05-09 14:32:58 -07:00
Raymond Yee
8211e5d3af
first pass at getting vagrant/ansible working for prod
2016-05-09 14:11:49 -07:00
Raymond Yee
a1c1b3a80e
Merge branch 'master' into dj16
2016-05-07 16:06:31 -07:00
Raymond Yee
93ae8bca12
move from logrotate to cronolog
2016-05-02 15:58:20 -07:00
Raymond Yee
b35e09a263
upgrades in celery related modules to deal with upgrade to Python 2.7.11, etc
...
ALLOWED_HOSTS settign needed now
upgrade wsgi file (just in case)
2016-04-11 15:38:49 -07:00
eric
60bc236ab4
init mimetypes
2016-03-25 14:13:39 -04:00
Raymond Yee
eb0f51f1b7
make apache config 2.2 and 2.4 compatible
2015-07-03 11:06:54 -07:00
Raymond Yee
e04ad9e915
changes to make things work for trusty64 on localvm
2015-07-03 11:06:54 -07:00
Raymond Yee
cb55b83090
using xip.io to map a test server URL.
...
specifically 192.168.33.10.xip.io
2015-07-03 11:06:54 -07:00
Raymond Yee
56a5c17f1c
trying localvm.test as a test domain
2015-07-03 11:06:54 -07:00
Raymond Yee
55ec76d283
forgot localvm.wsgi
...
fix apache config file to hopefully do redirect correctly -- hardcoding localvm as a name for the address for localvm vm.
2015-07-03 11:06:54 -07:00
Raymond Yee
7d76df7007
first pass at localvm
2015-07-03 11:06:54 -07:00
Raymond Yee
db3c790bcb
next iteration on getting just running
2015-05-16 13:30:09 -07:00
Raymond Yee
8f3051ffd3
get rid of public keys for Andromeda, Ed, and Jason
2015-05-16 13:30:09 -07:00
Raymond Yee
764da41d36
fix problem in crontab for please
2015-05-08 15:13:24 -07:00
Raymond Yee
ee156ba061
add an entry in the crontab to create necessary celerybeat stuff on reboot
2015-05-08 15:01:38 -07:00
Raymond Yee
cb0c647d1a
* making progress on building please.unglue.it
...
* updating requirements_versioned.pip to handle Pyzotero
2015-05-04 10:51:12 -07:00
Raymond Yee
486e474fc3
Set the SSL configuration to that generated by
...
https://mozilla.github.io/server-side-tls/ssl-config-generator/
intermediate mode
2015.03.04 (with Apache v 2.2.22 and OpenSSL 1.0.1 and HSTS enabled)
2015-03-11 10:10:48 -07:00
Raymond Yee
949f22415b
a modern configuration from https://mozilla.github.io/server-side-tls/ssl-config-generator/
2015-03-10 16:07:15 -07:00
Raymond Yee
cdb84dfffa
Working conclusion: use the configuration:
...
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
SSLHonorCipherOrder on
2015-03-10 15:48:02 -07:00
Raymond Yee
2e274b4e2b
config without RC4
...
://community.qualys.com/blogs/securitylabs/2013/08/05/configuring-apache-nginx-and-openssl-for-forward-secrecy
2015-03-05 12:30:47 -08:00
Raymond Yee
8506df2480
need "" around ciphers
2015-03-05 12:26:40 -08:00
Raymond Yee
2685940069
ooops typo
2015-03-05 12:25:34 -08:00
Raymond Yee
c9a0fc8ee7
tweak from the article
...
SSLCipherSuite EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS +RC4 RC4
2015-03-05 12:24:20 -08:00
Raymond Yee
bcc1abed00
Now let's try https://community.qualys.com/blogs/securitylabs/2013/08/05/configuring-apache-nginx-and-openssl-for-forward-secrecy
2015-03-05 12:15:12 -08:00
Raymond Yee
25b8749206
Let's see what using the old configuration to be more compatible with old browsers does for the ssl test
2015-03-05 12:07:30 -08:00
Raymond Yee
9477ae66f2
first config try didn't up our score....now trying config generated by mozilla
2015-03-04 11:35:25 -08:00
Raymond Yee
5c64cfac38
testing SSL configuration to try to disallow RC4 and enable forward secrecy
2015-03-04 10:53:54 -08:00