Commit graph

178 commits

Author SHA1 Message Date
Jake Moshenko
746728ba24 Remove escaped_fragment snapshot rendering. 2016-06-14 12:53:10 -04:00
Jimmy Zelinskie
40e3a95868 runit: wait for syslog-ng before starting loggers (#1537) 2016-06-10 20:29:45 -04:00
Jimmy Zelinskie
2464e007d8 runit: add dependencies to loggers (#1515)
This guarantees that the logger starts after syslog and the process it's
logging.
2016-06-03 15:32:15 -04:00
Joseph Schorr
5746b42c69 Add a cleanup worker for the queue item table
Fixes #784
2016-06-02 15:00:44 -04:00
Jimmy Zelinskie
5568cc77b8 remove all default keys (#1485)
This change:
- Generates a new BitTorrent pepper by default
- Generates a new pagination key by default
- Changes the pagination key format to base64
- Removes selfsigned JWT certs
- Moves test keys to test/data
2016-05-23 16:00:48 -04:00
Jake Moshenko
17536e66dc Change our jwt signing key to actually be self signed. 2016-05-23 15:07:33 -04:00
Joseph Schorr
2cbdecb043 Implement setup tool support for Clair
Fixes #1387
2016-05-04 13:40:50 -04:00
Evan Cordell
53ce4de6aa Merge pull request #1426 from ecordell/wait-for-jwtproxy-config
Don't start jwtproxy if conf is not created yet
2016-05-03 13:20:36 -05:00
Evan Cordell
8da0ba37ea jwtproxy run: sleep between retries 2016-05-03 13:09:34 -05:00
Evan Cordell
ed96c9ec85 Don't print 'waiting' message when jwtproxy is restarting 2016-05-03 10:47:19 -05:00
Evan Cordell
612c546d16 Don't start jwtproxy if conf is not created yet 2016-05-02 17:10:56 -05:00
Jake Moshenko
1dd978aa76 Fix copy pasta 2016-05-02 12:00:26 -04:00
Jake Moshenko
cc8e58e7f4 Split secscan endpoints into a new process 2016-05-02 11:38:00 -04:00
Quentin Machu
1207a71308 Allow adding extra CA certificates to the system 2016-04-29 17:25:45 -04:00
Evan Cordell
a6f6a114c2 service key worker to refresh automatic keys 2016-04-29 14:10:33 -04:00
Evan Cordell
c766727d1d address review comments
- more inline documentation
 - don't explicitly specify audience
 - approver is optional in `generate_key`
 - ADD -> RUN for better caching of jwtproxy
2016-04-29 14:10:33 -04:00
Evan Cordell
9df650688b Install jwtproxy in /usr/local/bin 2016-04-29 14:10:33 -04:00
Evan Cordell
97ad9684d7 Use jwtproxy binary from github 2016-04-29 14:10:33 -04:00
Evan Cordell
4d0627f83d Turn down logging on jwtproxy 2016-04-29 14:10:33 -04:00
Evan Cordell
9ffc32f680 Generate preshared key on boot 2016-04-29 14:10:33 -04:00
Evan Cordell
668ce2c7cd Generate private key on startup 2016-04-29 14:10:33 -04:00
Evan Cordell
85667a9cf6 Creat mitm certs on boot 2016-04-29 14:10:33 -04:00
Evan Cordell
492dcf4781 Verify that jwt was issued by clair 2016-04-29 14:10:33 -04:00
Evan Cordell
118f2d0ce5 Add mitm certs to jwtproxy 2016-04-29 14:10:33 -04:00
Evan Cordell
9e7a501dae Authenticate in the other direction with jwtproxy 2016-04-29 14:10:33 -04:00
Evan Cordell
da0a988650 Configure jwtproxy from stack/conf yaml 2016-04-29 14:10:33 -04:00
Evan Cordell
adc86456b5 Secure the correct endpoint 2016-04-29 14:10:33 -04:00
Evan Cordell
8c8ee9c2be Add jwtproxy and configure verifier for /secscan/notify 2016-04-29 14:10:33 -04:00
Joseph Schorr
1264c6330e Increase read timeout on V2 to match V1
Fixes #1377
2016-04-19 17:52:54 -04:00
Jake Moshenko
0fdbf8a210 Trust upstream proxies to specify https scheme 2016-02-03 13:08:43 -05:00
Joseph Schorr
e7842a2a49 Add 502 page 2016-02-01 15:07:50 +02:00
Jimmy Zelinskie
e1f955a3f6 add a log rotation worker
Fixes #609.
2015-12-16 17:22:28 -05:00
Joseph Schorr
dd344aba81 Add request time and upstream request time to the nginx logs
Fixes #1026
2015-12-16 14:08:07 -05:00
Joseph Schorr
a25572f2b3 Enable HTTP2 under proxy protocol 2015-12-08 15:36:26 -05:00
Joseph Schorr
769ec4c2a3 Enable http2 in nginx 2015-12-04 17:06:55 -05:00
Silas Sewell
8781cf6e11 Increase nginx proxy timeout and close db before storage operation 2015-12-03 11:19:39 -05:00
Jimmy Zelinskie
87a4e1f417 404 on v2 routes for the hostname v1.quay.io
This also copies v2 into its own separate location directive because you
cannot have nested location directives. Also, the `if` directive can be
very tricky and should only be used to return response codes.
2015-11-24 17:02:09 -05:00
Jake Moshenko
4c0e215c2f Silence boto logs when running locally 2015-11-18 19:04:26 -05:00
Jake Moshenko
30bb97a04d Remove the Transfer Encoding directive from v2 headers 2015-11-18 17:23:30 -05:00
Jake Moshenko
d6c5fc5d1b Stop clobbering our proxy_set_header directives 2015-11-18 16:00:23 -05:00
Jake Moshenko
ad273eb002 Re-seed crypto random on all forks 2015-11-17 12:23:10 -05:00
Jake Moshenko
0459c3bc54 Merge remote-tracking branch 'upstream/master' into python-registry-v2 2015-11-16 14:22:54 -05:00
Joseph Schorr
49ab87bab4 Fix log permissions 2015-11-12 22:45:52 -05:00
Joseph Schorr
7816b0c657 Merge master into vulnerability-tool 2015-11-12 21:52:47 -05:00
Jake Moshenko
ab340e20ea Merge remote-tracking branch 'upstream/master' into python-registry-v2 2015-11-11 16:41:40 -05:00
Jimmy Zelinskie
5655c08467 fix security worker service permissions 2015-11-10 15:22:36 -05:00
Jimmy Zelinskie
270010105d add security notification worker to init 2015-11-10 15:22:30 -05:00
Silas Sewell
e826b14ca4 Merge pull request #725 from coreos-inc/setup-tool-georeplication
superuser: add storage replication config
2015-11-09 17:43:38 -05:00
Silas Sewell
5000b1621c superuser: add storage replication config 2015-11-09 17:34:22 -05:00
Jake Moshenko
c2fcf8bead Merge remote-tracking branch 'upstream/phase4-11-07-2015' into python-registry-v2 2015-11-06 18:18:29 -05:00