Jimmy Zelinskie
2b84888c2f
syslog: have syslog generate timestamps ( #1585 )
...
This is the more elegant solution to #1579 .
2016-06-27 14:42:44 -04:00
Jimmy Zelinskie
a40b065bd3
syslog: fix timestamp ( #1579 )
...
Previously the timestamp was locked to the time at which the logger
process started. This change parses messages in bash and then calls the
logger once for each message ignoring newlines (read -r) in order to
guarantee the timestamp is correct.
2016-06-24 15:46:58 -04:00
josephschorr
7173d53030
Merge pull request #1549 from coreos-inc/certs
...
Switch to install custom LDAP cert by name
2016-06-21 15:13:44 -04:00
Joseph Schorr
66ec1d81ce
Switch to install custom LDAP cert by name
2016-06-21 15:10:26 -04:00
Jake Moshenko
a1cf12e460
Add a sitemap.txt for popular public repos
...
and reference it from the robots.txt
2016-06-17 14:34:20 -04:00
Jimmy Zelinskie
d599406140
nginx: use upstream ubuntu package ( #1546 )
...
Ubuntu 16.04 LTS has a newer version than what we compile.
2016-06-16 13:51:04 -04:00
Jimmy Zelinskie
a33a70a419
init: supress sv check
output ( #1545 )
2016-06-15 17:57:27 -04:00
Jake Moshenko
746728ba24
Remove escaped_fragment snapshot rendering.
2016-06-14 12:53:10 -04:00
Jimmy Zelinskie
40e3a95868
runit: wait for syslog-ng before starting loggers ( #1537 )
2016-06-10 20:29:45 -04:00
Jimmy Zelinskie
2464e007d8
runit: add dependencies to loggers ( #1515 )
...
This guarantees that the logger starts after syslog and the process it's
logging.
2016-06-03 15:32:15 -04:00
Joseph Schorr
5746b42c69
Add a cleanup worker for the queue item table
...
Fixes #784
2016-06-02 15:00:44 -04:00
Jimmy Zelinskie
5568cc77b8
remove all default keys ( #1485 )
...
This change:
- Generates a new BitTorrent pepper by default
- Generates a new pagination key by default
- Changes the pagination key format to base64
- Removes selfsigned JWT certs
- Moves test keys to test/data
2016-05-23 16:00:48 -04:00
Jake Moshenko
17536e66dc
Change our jwt signing key to actually be self signed.
2016-05-23 15:07:33 -04:00
Joseph Schorr
2cbdecb043
Implement setup tool support for Clair
...
Fixes #1387
2016-05-04 13:40:50 -04:00
Evan Cordell
53ce4de6aa
Merge pull request #1426 from ecordell/wait-for-jwtproxy-config
...
Don't start jwtproxy if conf is not created yet
2016-05-03 13:20:36 -05:00
Evan Cordell
8da0ba37ea
jwtproxy run: sleep between retries
2016-05-03 13:09:34 -05:00
Evan Cordell
ed96c9ec85
Don't print 'waiting' message when jwtproxy is restarting
2016-05-03 10:47:19 -05:00
Evan Cordell
612c546d16
Don't start jwtproxy if conf is not created yet
2016-05-02 17:10:56 -05:00
Jake Moshenko
1dd978aa76
Fix copy pasta
2016-05-02 12:00:26 -04:00
Jake Moshenko
cc8e58e7f4
Split secscan endpoints into a new process
2016-05-02 11:38:00 -04:00
Quentin Machu
1207a71308
Allow adding extra CA certificates to the system
2016-04-29 17:25:45 -04:00
Evan Cordell
a6f6a114c2
service key worker to refresh automatic keys
2016-04-29 14:10:33 -04:00
Evan Cordell
c766727d1d
address review comments
...
- more inline documentation
- don't explicitly specify audience
- approver is optional in `generate_key`
- ADD -> RUN for better caching of jwtproxy
2016-04-29 14:10:33 -04:00
Evan Cordell
9df650688b
Install jwtproxy in /usr/local/bin
2016-04-29 14:10:33 -04:00
Evan Cordell
97ad9684d7
Use jwtproxy binary from github
2016-04-29 14:10:33 -04:00
Evan Cordell
4d0627f83d
Turn down logging on jwtproxy
2016-04-29 14:10:33 -04:00
Evan Cordell
9ffc32f680
Generate preshared key on boot
2016-04-29 14:10:33 -04:00
Evan Cordell
668ce2c7cd
Generate private key on startup
2016-04-29 14:10:33 -04:00
Evan Cordell
85667a9cf6
Creat mitm certs on boot
2016-04-29 14:10:33 -04:00
Evan Cordell
492dcf4781
Verify that jwt was issued by clair
2016-04-29 14:10:33 -04:00
Evan Cordell
118f2d0ce5
Add mitm certs to jwtproxy
2016-04-29 14:10:33 -04:00
Evan Cordell
9e7a501dae
Authenticate in the other direction with jwtproxy
2016-04-29 14:10:33 -04:00
Evan Cordell
da0a988650
Configure jwtproxy from stack/conf yaml
2016-04-29 14:10:33 -04:00
Evan Cordell
adc86456b5
Secure the correct endpoint
2016-04-29 14:10:33 -04:00
Evan Cordell
8c8ee9c2be
Add jwtproxy and configure verifier for /secscan/notify
2016-04-29 14:10:33 -04:00
Joseph Schorr
1264c6330e
Increase read timeout on V2 to match V1
...
Fixes #1377
2016-04-19 17:52:54 -04:00
Jake Moshenko
0fdbf8a210
Trust upstream proxies to specify https scheme
2016-02-03 13:08:43 -05:00
Joseph Schorr
e7842a2a49
Add 502 page
2016-02-01 15:07:50 +02:00
Jimmy Zelinskie
e1f955a3f6
add a log rotation worker
...
Fixes #609 .
2015-12-16 17:22:28 -05:00
Joseph Schorr
dd344aba81
Add request time and upstream request time to the nginx logs
...
Fixes #1026
2015-12-16 14:08:07 -05:00
Joseph Schorr
a25572f2b3
Enable HTTP2 under proxy protocol
2015-12-08 15:36:26 -05:00
Joseph Schorr
769ec4c2a3
Enable http2 in nginx
2015-12-04 17:06:55 -05:00
Silas Sewell
8781cf6e11
Increase nginx proxy timeout and close db before storage operation
2015-12-03 11:19:39 -05:00
Jimmy Zelinskie
87a4e1f417
404 on v2 routes for the hostname v1.quay.io
...
This also copies v2 into its own separate location directive because you
cannot have nested location directives. Also, the `if` directive can be
very tricky and should only be used to return response codes.
2015-11-24 17:02:09 -05:00
Jake Moshenko
4c0e215c2f
Silence boto logs when running locally
2015-11-18 19:04:26 -05:00
Jake Moshenko
30bb97a04d
Remove the Transfer Encoding directive from v2 headers
2015-11-18 17:23:30 -05:00
Jake Moshenko
d6c5fc5d1b
Stop clobbering our proxy_set_header directives
2015-11-18 16:00:23 -05:00
Jake Moshenko
ad273eb002
Re-seed crypto random on all forks
2015-11-17 12:23:10 -05:00
Jake Moshenko
0459c3bc54
Merge remote-tracking branch 'upstream/master' into python-registry-v2
2015-11-16 14:22:54 -05:00
Joseph Schorr
49ab87bab4
Fix log permissions
2015-11-12 22:45:52 -05:00