Raymond Yee
cb55b83090
using xip.io to map a test server URL.
...
specifically 192.168.33.10.xip.io
2015-07-03 11:06:54 -07:00
Raymond Yee
56a5c17f1c
trying localvm.test as a test domain
2015-07-03 11:06:54 -07:00
Raymond Yee
55ec76d283
forgot localvm.wsgi
...
fix apache config file to hopefully do redirect correctly -- hardcoding localvm as a name for the address for localvm vm.
2015-07-03 11:06:54 -07:00
Raymond Yee
7d76df7007
first pass at localvm
2015-07-03 11:06:54 -07:00
Raymond Yee
db3c790bcb
next iteration on getting just running
2015-05-16 13:30:09 -07:00
Raymond Yee
8f3051ffd3
get rid of public keys for Andromeda, Ed, and Jason
2015-05-16 13:30:09 -07:00
Raymond Yee
764da41d36
fix problem in crontab for please
2015-05-08 15:13:24 -07:00
Raymond Yee
ee156ba061
add an entry in the crontab to create necessary celerybeat stuff on reboot
2015-05-08 15:01:38 -07:00
Raymond Yee
cb0c647d1a
* making progress on building please.unglue.it
...
* updating requirements_versioned.pip to handle Pyzotero
2015-05-04 10:51:12 -07:00
Raymond Yee
486e474fc3
Set the SSL configuration to that generated by
...
https://mozilla.github.io/server-side-tls/ssl-config-generator/
intermediate mode
2015.03.04 (with Apache v 2.2.22 and OpenSSL 1.0.1 and HSTS enabled)
2015-03-11 10:10:48 -07:00
Raymond Yee
949f22415b
a modern configuration from https://mozilla.github.io/server-side-tls/ssl-config-generator/
2015-03-10 16:07:15 -07:00
Raymond Yee
cdb84dfffa
Working conclusion: use the configuration:
...
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
SSLHonorCipherOrder on
2015-03-10 15:48:02 -07:00
Raymond Yee
2e274b4e2b
config without RC4
...
://community.qualys.com/blogs/securitylabs/2013/08/05/configuring-apache-nginx-and-openssl-for-forward-secrecy
2015-03-05 12:30:47 -08:00
Raymond Yee
8506df2480
need "" around ciphers
2015-03-05 12:26:40 -08:00
Raymond Yee
2685940069
ooops typo
2015-03-05 12:25:34 -08:00
Raymond Yee
c9a0fc8ee7
tweak from the article
...
SSLCipherSuite EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS +RC4 RC4
2015-03-05 12:24:20 -08:00
Raymond Yee
bcc1abed00
Now let's try https://community.qualys.com/blogs/securitylabs/2013/08/05/configuring-apache-nginx-and-openssl-for-forward-secrecy
2015-03-05 12:15:12 -08:00
Raymond Yee
25b8749206
Let's see what using the old configuration to be more compatible with old browsers does for the ssl test
2015-03-05 12:07:30 -08:00
Raymond Yee
9477ae66f2
first config try didn't up our score....now trying config generated by mozilla
2015-03-04 11:35:25 -08:00
Raymond Yee
5c64cfac38
testing SSL configuration to try to disallow RC4 and enable forward secrecy
2015-03-04 10:53:54 -08:00
Raymond Yee
c911a0f945
redirect all for prod
2015-01-08 14:08:18 -08:00
Raymond Yee
a77bae1cd6
restore prod to current state
2015-01-08 11:14:12 -08:00
eric
b6e17b6fcf
Merge branch 'master' into ssl_redirect
2015-01-08 13:11:18 -05:00
Raymond Yee
8a5c86d718
I had a bug in the crontab for just all this time....
2014-12-20 18:22:20 -05:00
Raymond Yee
c04a858905
configure production for redirecting everything to tls too.
2014-12-12 13:52:56 -08:00
Raymond Yee
22c917eb65
let's try redirecting everything
2014-12-12 13:47:25 -08:00
Raymond Yee
2764d337ae
need to include --upgrade flag to pip install (doh)
2014-10-16 15:18:06 -07:00
Raymond Yee
685e827e44
Turning off SSL v2 and SSL v3 from Apache to patch against POODLE vulnerability: http://askubuntu.com/questions/537196/how-do-i-patch-workaround-sslv3-poodle-vulnerability-cve-2014-3566
2014-10-15 14:56:59 -07:00
Raymond Yee
629527e3e0
the commands to link the celery config files belong in the startup
2014-10-10 17:28:59 -07:00
Raymond Yee
9be8d2b3a7
just was not configured properly for celery
2014-10-10 17:00:28 -07:00
Raymond Yee
957d3f2c88
Fix SSL conf on production too
2014-05-23 18:15:54 -07:00
Raymond Yee
91250d937b
it seems key issue is lack of
...
ServerName just.unglue.it:443
2014-05-23 17:57:40 -07:00
Raymond Yee
af016cc0fb
adding to apache conf:
...
SSLProtocol all -SSLv2 +TLSv1
2014-05-23 17:25:40 -07:00
Raymond Yee
1867964938
need a LF at end for crontab
2014-05-05 17:46:15 -07:00
Raymond Yee
918d295509
set the SHELL, PATH in crontab for just/please
2014-05-05 17:04:27 -07:00
eric
2892a22824
change terminology from "donation" to "gift"
2013-12-13 15:15:35 -05:00
Raymond Yee
7f35d0b74d
/opt/regluit/ENV/bin/django-admin.py emit_notices --settings=regluit.settings.please ->
...
/opt/regluit/ENV/bin/django-admin.py emit_notices --settings=regluit.settings.just
2013-11-11 17:58:19 -08:00
Raymond Yee
c253fd3909
update-just should also do a pip install
2013-02-11 10:54:37 -08:00
Raymond Yee
fe45fdc2ab
update which SSLCertificateChainFile being used by unglue.it
2013-01-07 21:11:39 -05:00
Raymond Yee
4fa7ea75ba
update just.conf to move from just.unglueit.com -> just.unglue.it and for using a different CA
2013-01-07 20:53:43 -05:00
Raymond Yee
2ff9d4a4d3
[ #38999845 ] Redirect pledge and donation pages to https
2012-11-05 21:58:30 +00:00
Raymond Yee
542ffd8f34
Update reference to Django in requirements_versioned.pip to 1.4.2
...
removed requiresments.pip and requirements_relaunch.pip and updated README.md
2012-10-18 07:34:39 -07:00
Raymond Yee
d33485df99
use requirements_versioned.pip in update-prod
2012-10-14 21:59:13 -07:00
Jason
7d4ec00382
Adding public key for jason kace to repository
2012-05-11 16:38:49 -04:00
eric
0ffd89e072
eric's public key
2012-05-10 16:36:16 -04:00
Raymond Yee
ccf753794c
Renaming AY's key to have her name
2012-05-10 13:23:10 -07:00
Andromeda Yelton
57b519c2d1
committing public key
2012-05-10 15:40:14 -04:00
Ed Summers
509bff4d52
Configuration files for just.unglueit.com
2012-05-07 18:44:01 +00:00
Ed Summers
9ea3d62ead
added my pubkey
2012-05-04 17:01:51 -04:00
Raymond Yee
e94e0352e9
Raymond's public key:
...
ssh-keygen -l -f deploy/public_keys/raymond_yee.pub ->
2048 89:33:28:02:e4:ef:c0:5e:f5:30:e1:4a:2c:1f:a3:b7 deploy/public_keys/raymond_yee.pub (RSA)
2012-05-03 18:44:42 -07:00