diff options
7 files changed, 293 insertions, 47 deletions
diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp index b7b1601..f2d532a 100644 --- a/global/overlay/etc/puppet/manifests/cosmos-site.pp +++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp @@ -698,6 +698,7 @@ node 'cdr1.sunet.se' { node 'sto-tug-kvm2.swamid.se' { class { 'sunet::nagios': } + $postgres_password = hiera('flog_postgres_password', 'NOT_SET_IN_HIERA'), file {'/var/docker': ensure => 'directory', } -> @@ -747,6 +748,18 @@ node 'sto-tug-kvm2.swamid.se' { group => 'www-data', mode => '1775', } -> + file { "/opt/flog/nginx/certs/flog.sunet.se.key": + ensure => file, + path => "/opt/flog/nginx/certs/flog.sunet.se.key", + mode => '0640', + content => hiera('server_cert_key', 'NOT_SET_IN_HIERA'), + } -> + file { "/opt/flog/dotenv": + ensure => file, + path => "/opt/flog/dotenv", + mode => '0640', + content => template('sunet/flog/dotenv.erb'), + } -> sunet::docker_run {'flog_db': image => 'docker.sunet.se/flog/postgresql-9.3', volumes => ['/opt/flog/postgres/ssl:/etc/ssl', '/var/docker/postgresql_data/:/var/lib/postgresql/','/var/log/flog_db/:/var/log/postgresql/'], diff --git a/global/overlay/etc/puppet/modules/sunet/templates/flog/dotenv.erb b/global/overlay/etc/puppet/modules/sunet/templates/flog/dotenv.erb new file mode 100644 index 0000000..bcd167b --- /dev/null +++ b/global/overlay/etc/puppet/modules/sunet/templates/flog/dotenv.erb @@ -0,0 +1,18 @@ +ALLOWED_HOSTS='flog.sunet.se flog_app.docker 192.36.125.10 2001:6b0:7::10' +EDUROAM_META_DATA='/opt/flog/institution.xml' +SENTRY_DSN='https://1ac5a19b73d04d91995055a81710e537:c31c3e5a162f477e8d6a9665aa134f8a@sentry.nordu.net/4' +EMAIL_HOST='localhost' +EMAIL_HOST_PASSWORD='' +EMAIL_HOST_USER='' +EMAIL_PORT='' +DB_ENGINE='django.db.backends.postgresql_psycopg2' +DB_NAME='flog' +DB_USER='flog' +DB_PASSWORD='<%= @postgres_password %>' +DB_HOST='flog_db.docker' +DB_PORT=5432 +#CACHE_BACKEND='django.core.cache.backends.db.DatabaseCache' +#CACHE_LOCATION='flog_cache_table' +CACHE_BACKEND='django.core.cache.backends.memcached.MemcachedCache' +CACHE_LOCATION='memcached.docker:11211' +STATIC_URL='/static/' diff --git a/sto-tug-kvm2.swamid.se/overlay/etc/hiera/data/secrets.yaml.asc b/sto-tug-kvm2.swamid.se/overlay/etc/hiera/data/secrets.yaml.asc index 5cdc3a3..6b95b71 100644 --- a/sto-tug-kvm2.swamid.se/overlay/etc/hiera/data/secrets.yaml.asc +++ b/sto-tug-kvm2.swamid.se/overlay/etc/hiera/data/secrets.yaml.asc @@ -3,51 +3,51 @@ STATUS=UPDATED -----BEGIN PGP MESSAGE----- Version: GnuPG v2.0.22 (GNU/Linux) -hQEMAyGs6dShF77JAQf/YDLkkTJLoT8J5gARAd6lruwbf4WReiwildX+cPIjqLcY -k/y/12O6A1E1n84t8erFmgUAnxXOGVPCsrX1CJF7iZVi4HQaXc0O9uGkXfmTA+ra -hcgGlaU7k5O0adligh3//aG72Jq4Nqe1GNbFPGFzmeWmz0vu5ELaZ+QCSmnvLQ/z -BHiKj8PJA93KzTq39ittLrlaoT0nHxq9WhDzv/CkrMxAyyRrQZLFVCTQFBd6H+N0 -gissuFu7H+ve5FcT+9ZZtsb0Vzli87gxMZRnlLtrccO58hc/rwdMJVowgN+MmlQP -kHsyVLHjBaS28TWW0dieRiHkzcs1lWnxLgV4CZhNGdLqAW/oTCQ4vMbAsjfmk5X2 -zNqLTJyEDsK4dr2qDZ5aRXvLqvcZd1CIxVfMeKuXl7o3Hzwyk2nktjT9pLS7YrPN -dlYNL/ub9bv66yqYCUBBdR0Z5IRdvFWh9QhYluGUyN9f1ix3fiyEg/0SqNSTIwx5 -lSpHyimogP92fwIc13WeMCSFWWbx4C7O4UZkNALfr19ooKT8X4sXGOoCkDmpLHTW -GkGbxqxIQ5DrPZaoGxRYjRDZkggIgylrfzUe79uIu+S+cvpsR4XZ3l2CfkGzQN1p -wyKS5vFzKtsILDSEnR0JwTXz33ngQH+crSB8+ZJU+1qsw3noCZkm8M28TzXal+ec -dcYwNRu3cMmvWoME+jHbRbkOblU9oVJCE7nexOMbXh1W16cPJPrqHANoSrSwZhS7 -O0ZPKxUVfneaF8BdV4W2xIzZVPHMOw47spVDBwL+cIWvuSN3x6QBhVh+bjl8tK/f -TewQ2OJIjjbQMNKAvsVun7WJp3T5R1ncTgWDOZJpmtPioO1SyrI9vapZXRGQjBWB -uei24UhZ6FrgzDPesUPg8SYZ5GYOV4rPHpiT0XY1HL7KlyP3MFotRJvML5AdWM1K -gYVvlTHqSaUSmDT4bc3xJG5p7vqqkCyZuTYgmELwEvb29VaHF2Y88DrHgaQJnEFg -J57DZEns7SgWu97Qnufl2FqQOZRB70+HAesZASlBrBKMnyw5v2SwcFYOQh9B+4WU -qAdaZnesU92u56ohAUl55Id2rKneZoWjY4CwuCJQOmoXJr73CyIpAITMp5SXV84o -TH4awqsal/P9YiwcKpG9FMSerXqlb3UankTKqH0s1GAJEpb/7a6dWw+UOr7J/WgP -i9IVcOOjVtstIQoVGociShrU+J9YwTwcvGxlG82CzgpjfZgwyjYSPUD2Gf58aeZl -q23rGXZ6+JzqXmNRP281E0sLIsXAz6+S9H8ndx7K+GFiN8CMomthVuWosN90vW46 -svSdtLKi5f7DoWC9nP1KXIVgl4eSOX+4wmiRWgyhH3bgieCdX7Ze92Dp84oJXrTZ -vBWP5bT5lNM48p5G2lkbmZ0lOKJ3yVu0mjGr3wbA1up624WffKLM6qPkwN4iFsbR -SorKX8o4XJ9nGsfyjW2T5Y+xX8Xe6SiDwdi6l5XXTnsSWwbVljK4jhcUJzXc/Xla -OZ0kw4RVpSUJe2kV52XUcSgefKiBWh+b37VuNfe2h2Sr8T9bINqsKEmypbGuEbj4 -/osx2TraueM0EDxOtTNUvX/iGEA9BxSVDGsns+67S6FEzZArFZUPeTCXHASpeQAt -9beKz8sxfNfXQxlkVAxy4WKgq7JtGEiBPlW7HYfiImiI/iAXDv7JSgUnJnETSy+A -eekLNxqwaxQFb7tvo6ljxIyK9XdwN72XSQhcCt5VVPvt2kDmf/bclzEEH9/3WpVQ -PtkB8Kk4T7UnPq7UF374rz/e+6OB1gLbGI4AgHAhb0QUOhCQZoRtPxJDzg8WeGml -FXefobH5ibIejreTZgzMKL15/kQEsSyV7GEagiEE1RXdulo4vRZH+ufGeIbblwMh -x7/SCeAuuaksrz460gILuyiAJmZKpE1uEH7c75NquHlLs5fGCqjcWSiKoacXagYu -CX2KVC0H9loQ4JoSSGj4W+df0td358tW2aV1S4kx1TNl0zKZ6rh6dog/MozDvaZW -W8aWSKE/bQxqFOW7mwZ5oZHLHOfavhJ4W6K3qTAHX3XKIV/477+fnOYxl0GEbuKX -EDAozcdQXd694CBrYx8Gs2Uz6rLJUpdtnd+KC8hGUb4W9TMuOFDmzJCk1RQYcrj8 -MEecAk9Of3J6XlYlSc5OK1CIj0NGeg0UYF/dRURYjj0raWFjUmLhRPkHLXIY80r2 -6YRGwPQiwzTGegP+T/elohmlgCxoncsuQiCAM5gicvtDhoNOl72q+6Mdk3bDJaI6 -fRUVx7DSQUbM8Kntlr109ubsM+ww/D4m1RuIjWsgJYk14elCbQTk5cH0FMwtJh6o -DZOgaO3NwuTiop7IH+9aLCpVIWrAQHbqhK0DKlZiDqwWQMCofxKO0Kj5+gP/CR+p -HORz7SORX9/KRylQ2KMMOj7y20Z3+y+a5xZLGBsE4gOccYZcoAivnV26+ojP+0rn -w9R67NA36VTgRplWouwosSwdzIQ+1mtxzknn3OpL6uUZJr59yWuvIw9HsecJ8IJS -B0FaHkJ6HhdHwrorePf+hf7oVqWDvONmploEjgcwcJspIHzjWMI0+jsXckp5Di37 -SmyFzmxNQFz3SpTRplVyO6EZzUZ9m6V1MCddjpZLOYvGR4TTza1j+7fgg5+s95JL -9Z1BR/1MhY6PxlotNBehMeUdcnCX4ldzBGWRhWsriXEFQNES+5lR6qlT4WJtQSjQ -7E4liEswOByDpgrG6MNgiGlfQrhuwoYCCHJkKbC+52nYfechMXhyo4asKfLJZotW -E0yBYnYemBshEEo7f10GNLYMw6tPqOJ+EjxHMMJnLfxnvS+W6xBekhe8wh8py06L -e+ItKfTpQDkh33A3 -=adTJ +hQEMAyGs6dShF77JAQf/UGSNK7RoyAu2WnA1EMVP02aVuvJHGAqy0OjT8dhN9KGH +wlkI9k+VKt8wLV9Pm450Jth2SWN8BzK+05hlHmQGJg73yLExCB9fENHZoLpkMHFf +XQMJWyTFP+0cqsv4gCeMyjKX85OH/n2EHfCp5cb5wnK+e7nDK6V5YZJDiZSFy6PX +pF5oGQkpmD1mjy4ip463rJsYNN/6DEzjKd5zjigJGUoXC48sC72spoixa1kh40Hn +UsT511DOOAB54qHeqADXZXVwenP84SAchKtfQsHgPdEknuNSnFkwLnhcrME2YwtK +VJhghTmnLaQtFBj9H3rPJwAutjel3CF2IBIepGeontLqAa94HIQ6c2H9ntVheEJN +gBrAV4Z/6GP9bFZkZFbk2C6aLcbus77mPsbc0wU8itrrhGXZSmcivJkFjJGgHpBg +glhAyPxyVK5nqnfvFUs1hld4CifkNAFiDFqYUzA6Visxss8Xk1V98qs48KtBNQgs +ztTdNvTJgHQ5CQX3nV/thrpbHxlV5oftsKEs0u0+z5V7Nzna/czk5kma/B+UJksA +klXovyS945WVe9gyHuizNImXK234ObNDnw5Xwuq0Or/epQn2Yp8ZV3NXNzYfKwv0 +xRpDmqChusZecmIJ6oExz/lyUicejlxe7QzQJfljs7gGEv+AgtTDEeT1PTyA0NLU +bCouUP86qs6bsDuZBZbsjbl3xnI8+x74YWIBNNw2ICyxaP3quOciDwhHL05sF+fL +XDT5ZpnisuuFJvOSwTRnR+U//c0Nza1wvv+5NdSP4wSjMXdSYrbq93PVrK5zE/Tq +pZmmXU7cCzVh4pZlgoUz0RQq4zKWlN7lLiK2V/5x6Dyay8sUNA/MdkEj5J/cdw/c +s8zAAM+kr3VoCSvcC5c87HQpOPbT2xXTPEKqTCbXvbaRQ803C616gO58xCdm6kwX +xICnIt7AxMi+29GOwFgFKKLAmfBOeRa/6DAFTVE6x65QBCMR2u1+dUDOTBGMbyH9 +Cku0oXh9LDz/lO1lS7eVB9ef4z/ir4gNLgztKycHiSKvtAxnRZ/mkcfO/kUSZtEY +1147ZtfipcIAsbViIW6rrCGgZalDMcIgWgr+62SDmsFZhmN3hTvklKPA1YcN9X+N +yYdDb9d5q0g4cRKiWGE8Fnb5M0QpmOsjCfJQiEY02bZUZEjguNWfuCYjTs6PqFc9 +YtNhtVIVer90lvub2O1dp+bHWeTYQkxWJGAbVVQSvm9210GvjIIDcUtPKJ81Ca7A +2Hk3PAI8VHDdJ6t36gulX5l/CEM+bdC6Aju3VkmErhF0YW1SgW4LRiwVruDtSa2m +mm5n7f+q9frHY83MYRaQ5WrQl1E+7HxX5oij2dGKUsHoHK5KSrUryBKlN/D16jBF +O2INTBi31YvOGkZ7tONuSPAJ4Vq6USIJhvld/ctQCA5QimsKQbw2p6JTp29IA73h +hIJoGH1M2iVtEDxe5xPiZ3W+k6/S9mktX6lW2f2elutbrY6dLIfb7VM/IYfHNWRb +uZbn7cNjYq0fVRXHN7SGn0W7BMNX7FFaZ9yqQjMFXxZzXhrtvf6nWrGvZkHIknua +hET+8QDhSTbR/NiUJf2k0zhtO6MSn5E6qmVA5OzmCW+UcXUfrX8EOPA8cR1RvDjQ +wiO+APx6M4O+ePsT82JNjRpWPBs6f2Me3fkXxvjZa+XWaHQdjtwnkS6dekYP4yFA +mulHxwtLV/2u4cYfzqdnrRWKFZSmHpIkccdgnvatOK7LGShXQuCXAeUjMG/Im0Ni +N5O/SYwgGAQQFTQiDDx/R8/LUzqyudsgeMI3/j1kQSmCgY+0jqRR+l9K4NVJMZHd +pW3NEujQbrxLFqHxZVYNdZaDBKpIwHpiPMzlheQsja/iT3mqId0tPupqq9sxdcjU +IArohGICbl5nTCFoGoxA81g0ZGZJMewf+eZDRQQCsgYSt2DbixgjR7Vh0WgBxuY2 +DURw2fNdfGUIMYwsMJMhNuyDKBNaD8dEUzMd2noYBmWPDyVvene24F56JuGYC0lj +gih8szBR1DEl4LG97z8u/KUa5f9CsmL6w7yLdPPHmNVw4rfkLFH8WyXqJZ6PfgrF +1Lpgf54sBYjiZ5Dkyw4qpi68bqifCk363kyYLrfGx/5EMw4TDsvvjVYrK9160mFf ++E+4zWORMajUDpNhbfugIAn78+M4ELCFUIyszAniZMk02srOxfjcZCd+TBIobqEz +ttbZrYZKS/fgD2p5u73mYFb8ehuQDaJcMhe/NzFHjOsiAyB+CEc1jTgW6KBNJHVZ +tIhB2lVTeo8XmgV9zugvpCTFwGl5CIwP0inDx2EbLfgppkwBRzoxGiKHO1m/w3Do +rUGGgEjo6nQKcRdJn99lNDBDCGXWmuDuw0sBXfnJ/APKDcCsPei6ZFX9tRRF0M60 +y/Anj2hW1IgteOVK/gOG11UY9Bnm72xOCYjmHqlaFu0tVTcDAo/X1hML14eeiIjt +KBMCAkSF5UQ/+uyXG0I6hkER7/hd5qgWEPKv00EZrxbYEOJRT5qJLa4O4gD4AmfX +jR+C/40+hmMXiOLM1MpaiN7S3jNVYIzPP+sZ87U42B5FZJzgNVogJ3CznQgCxDEw +hPnzEhQ9hyR6gugQhZT7nAwdZdWMMxgTjFLFgsyLOd0W7M9UjKEL4c2MsMZ1YWsm +rl7Alh4xb4ywFnqQFqhz7GiU5PGctb3YgwoZf5FjzHsDAOOkNu+Wz2xv7B+YmTK+ +FbsnT7fRBfLThOTFWakd6jtFoHtV1lZCtgMwbJ1EnJDssQk8B/hFfwN1Y1pZe+Xc +J5S0ijnfo4T1hkzsAQ3YSQhH6PK6XnG2YE0gfRSyCnMfaG+JPiTdD7yqctHHJevI +472Dq598G9J2e8MNj4NccQ== +=3Gc8 -----END PGP MESSAGE----- diff --git a/sto-tug-kvm2.swamid.se/overlay/opt/flog/nginx/certs/flog.sunet.se.chained.pem b/sto-tug-kvm2.swamid.se/overlay/opt/flog/nginx/certs/flog.sunet.se.chained.pem new file mode 100644 index 0000000..d147e46 --- /dev/null +++ b/sto-tug-kvm2.swamid.se/overlay/opt/flog/nginx/certs/flog.sunet.se.chained.pem @@ -0,0 +1,118 @@ +-----BEGIN CERTIFICATE----- +MIIElDCCA3ygAwIBAgIQW0iA3AfO7pg3xCopsSGlfDANBgkqhkiG9w0BAQsFADBk +MQswCQYDVQQGEwJOTDEWMBQGA1UECBMNTm9vcmQtSG9sbGFuZDESMBAGA1UEBxMJ +QW1zdGVyZGFtMQ8wDQYDVQQKEwZURVJFTkExGDAWBgNVBAMTD1RFUkVOQSBTU0wg +Q0EgMjAeFw0xNTA0MjgwMDAwMDBaFw0xODA0MjcyMzU5NTlaMDsxITAfBgNVBAsT +GERvbWFpbiBDb250cm9sIFZhbGlkYXRlZDEWMBQGA1UEAxMNZmxvZy5zdW5ldC5z +ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOcr6JxiW6Jyp0M/TEv1 +ibCEY1Xla+gMw/QjXW+wgO/sqf0atnC905a6H4lzzlkMGkfF4jBLJjrprXyg/zzE +HyUi/nUBtsEvwu4+/sCYscyZhGlubNWRFXaD1u+V37/M+EQtDfZSxsSvrVrxBGGi +dvlsZcFbtkh+cT2vcq9V5s4gGF7ik1jjTA6dWXEeFVlSGuIsYaoDwbFEsb7rcRSD +tn6lze6Wry6YmWG+i3vL/IgM03/gQPVarUM6I2e6gJHnMwOhR1o1laSapcOndkad +Jaf2xMzYUbPZiak/FUV3BtYV7+LtpaK4ftH5ARQrZ4SZKqrfsVAmJZqyWalsi761 +8W8CAwEAAaOCAWkwggFlMB8GA1UdIwQYMBaAFFvQihyaMlvgtd2WVBvhhiiw/ba9 +MB0GA1UdDgQWBBSjvEWwoHh2uq0IKI9ZAnfCbEhb3jAOBgNVHQ8BAf8EBAMCBaAw +DAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwIgYD +VR0gBBswGTANBgsrBgEEAbIxAQICHTAIBgZngQwBAgEwOgYDVR0fBDMwMTAvoC2g +K4YpaHR0cDovL2NybC51c2VydHJ1c3QuY29tL1RFUkVOQVNTTENBMi5jcmwwbAYI +KwYBBQUHAQEEYDBeMDUGCCsGAQUFBzAChilodHRwOi8vY3J0LnVzZXJ0cnVzdC5j +b20vVEVSRU5BU1NMQ0EyLmNydDAlBggrBgEFBQcwAYYZaHR0cDovL29jc3AudXNl +cnRydXN0LmNvbTAYBgNVHREEETAPgg1mbG9nLnN1bmV0LnNlMA0GCSqGSIb3DQEB +CwUAA4IBAQBf7JaNrj4SchK4QxvnCtCYh6ct0sjYZHtSYqQsd/kFtLbQhT8h8MTk +FtJWEyfuqcmiWT3eyPPcP0GsH7LLTJOzptjzUXHbs4m/zvN/JtvfxXwZV8xBtoGJ +rXo9OE+8G0xbY9mFfVblkqk52rPuHOUHCTRga9Tcc+QW7cKA2BDCWRuJKb6Qytx1 +x0qJKpF/e8u52/FXLG+OpZdw92ZekPYQTQwiZ/maOro2bX8E/x0lm15zvqIMpryy +s0B/7dMMbc3teS1rxnvKojJ4WU3+7Yzy/Pp+as8jymaalrJoCNdkQORrZiaFawKY +B694Wc0N9VkL+JBjU39KV/3itTA9b1lY +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIF+TCCA+GgAwIBAgIRALD/zzodgkSYFWKdZIhqQWUwDQYJKoZIhvcNAQEMBQAw +gYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpOZXcgSmVyc2V5MRQwEgYDVQQHEwtK +ZXJzZXkgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMS4wLAYD +VQQDEyVVU0VSVHJ1c3QgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTE0 +MTAwOTAwMDAwMFoXDTI0MTAwODIzNTk1OVowZDELMAkGA1UEBhMCTkwxFjAUBgNV +BAgTDU5vb3JkLUhvbGxhbmQxEjAQBgNVBAcTCUFtc3RlcmRhbTEPMA0GA1UEChMG +VEVSRU5BMRgwFgYDVQQDEw9URVJFTkEgU1NMIENBIDIwggEiMA0GCSqGSIb3DQEB +AQUAA4IBDwAwggEKAoIBAQCwOm1/qbgAnvOFOghkLPlEDCC0sxVNBi2m8JPJSL73 +ZK2kjhWzMYEUF/xu4osZdYs2Es8HbXZ4Jl4nvywWukL73R5Qj2SvdZsKOoKpMSVR +jn/EQt0fXJORu5T6cFf65/24uGjKm2oZJFQ3/jJhifciwY9j1dFpfklNvNfQ20zW +9g+9wYhCk9aR+Z+WmRHqbnLngCFs8U6O7GO4Pa9lOdCFkip5Og7W6K2bJYmi1C5y +a3Oh0uLfzlhw/8BUAXdd+XadL0PaoibdHUKaTTixVv46tMtrbPJqnz+zrjun0BU+ +rCd/G/RZYFBWfp11JZ4/xna//5nM2PGpaolf3ucHzY2LAgMBAAGjggF/MIIBezAf +BgNVHSMEGDAWgBRTeb9aqitKz1SA4dibwJ3ysgNmyzAdBgNVHQ4EFgQUW9CKHJoy +W+C13ZZUG+GGKLD9tr0wDgYDVR0PAQH/BAQDAgGGMBIGA1UdEwEB/wQIMAYBAf8C +AQAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMCwGA1UdIAQlMCMwDQYL +KwYBBAGyMQECAh0wCAYGZ4EMAQIBMAgGBmeBDAECAjBQBgNVHR8ESTBHMEWgQ6BB +hj9odHRwOi8vY3JsLnVzZXJ0cnVzdC5jb20vVVNFUlRydXN0UlNBQ2VydGlmaWNh +dGlvbkF1dGhvcml0eS5jcmwwdgYIKwYBBQUHAQEEajBoMD8GCCsGAQUFBzAChjNo +dHRwOi8vY3J0LnVzZXJ0cnVzdC5jb20vVVNFUlRydXN0UlNBQWRkVHJ1c3RDQS5j +cnQwJQYIKwYBBQUHMAGGGWh0dHA6Ly9vY3NwLnVzZXJ0cnVzdC5jb20wDQYJKoZI +hvcNAQEMBQADggIBAH2QaWZWVBxrPK5/JQgT6btkbPVniC+9wVEKrtNj9i3bcDEJ +AH4di9rkMyGY4CGT28COJY5VBswqZeMD6FlyJ643mph8wvQTWhJxLW2r3zJpgacG +oosgHaiQ0iiqYdT2/6W/hoCOZ5EqIn4dlC0aYbsgIZCJ6NUKEQr2CLpeG8tsKIU+ +xRYPZf230bFhwaYl2Ia/Dvqb+tH1IqdnuBUu+Qitt3UCOfQpYfm/wKoX60LeJo+d +ZWQyB95sPTLTA+xH1XRpIDp+uHDvqaIqnFVCtuM+i9j/Jlr7fCZsiIWG15M+UPhE +h9RQ0R1DMDK60rqNIQjK9+7Gbs6SWQgcU3N0j5z4160avk1G7qzEuYHrp1DMHWb8 +Dg1+Bh24DtN+u5qHrgu2m4QEzsGgexbfArIYQ62ruSYJq6oEHVA37iq9IkGKALXc +n8MF1OaCTGfaKwL1ZaxZKbt6DE5Ut9I7fQM7IGTGxehQKpKwX6BHl3JYX8EKb5/1 +PQnV5whodZLi1biej76NGztDjPNO1VSrdu3MUH8ume20tUn643V9ixFoDdU6+l1Q +sCuBA3gstNuPv0xAW5KjohoKQV2sV/puV070B1XrYwgykwAkSl2dwsFSKJPByCQa +ppP7zX0/pnO8z2ideWMu5yUrQjg2sQtWwopf965KMdnfagbNL6OYCbwFgBPH +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFdzCCBF+gAwIBAgIQE+oocFv07O0MNmMJgGFDNjANBgkqhkiG9w0BAQwFADBv +MQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFk +ZFRydXN0IEV4dGVybmFsIFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBF +eHRlcm5hbCBDQSBSb290MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFow +gYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpOZXcgSmVyc2V5MRQwEgYDVQQHEwtK +ZXJzZXkgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMS4wLAYD +VQQDEyVVU0VSVHJ1c3QgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIICIjAN +BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAgBJlFzYOw9sIs9CsVw127c0n00yt +UINh4qogTQktZAnczomfzD2p7PbPwdzx07HWezcoEStH2jnGvDoZtF+mvX2do2NC +tnbyqTsrkfjib9DsFiCQCT7i6HTJGLSR1GJk23+jBvGIGGqQIjy8/hPwhxR79uQf +jtTkUcYRZ0YIUcuGFFQ/vDP+fmyc/xadGL1RjjWmp2bIcmfbIWax1Jt4A8BQOujM +8Ny8nkz+rwWWNR9XWrf/zvk9tyy29lTdyOcSOk2uTIq3XJq0tyA9yn8iNK5+O2hm +AUTnAU5GU5szYPeUvlM3kHND8zLDU+/bqv50TmnHa4xgk97Exwzf4TKuzJM7UXiV +Z4vuPVb+DNBpDxsP8yUmazNt925H+nND5X4OpWaxKXwyhGNVicQNwZNUMBkTrNN9 +N6frXTpsNVzbQdcS2qlJC9/YgIoJk2KOtWbPJYjNhLixP6Q5D9kCnusSTJV882sF +qV4Wg8y4Z+LoE53MW4LTTLPtW//e5XOsIzstAL81VXQJSdhJWBp/kjbmUZIO8yZ9 +HE0XvMnsQybQv0FfQKlERPSZ51eHnlAfV1SoPv10Yy+xUGUJ5lhCLkMaTLTwJUdZ ++gQek9QmRkpQgbLevni3/GcV4clXhB4PY9bpYrrWX1Uu6lzGKAgEJTm4Diup8kyX +HAc/DVL17e8vgg8CAwEAAaOB9DCB8TAfBgNVHSMEGDAWgBStvZh6NLQm9/rEJlTv +A73gJMtUGjAdBgNVHQ4EFgQUU3m/WqorSs9UgOHYm8Cd8rIDZsswDgYDVR0PAQH/ +BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wEQYDVR0gBAowCDAGBgRVHSAAMEQGA1Ud +HwQ9MDswOaA3oDWGM2h0dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9BZGRUcnVzdEV4 +dGVybmFsQ0FSb290LmNybDA1BggrBgEFBQcBAQQpMCcwJQYIKwYBBQUHMAGGGWh0 +dHA6Ly9vY3NwLnVzZXJ0cnVzdC5jb20wDQYJKoZIhvcNAQEMBQADggEBAJNl9jeD +lQ9ew4IcH9Z35zyKwKoJ8OkLJvHgwmp1ocd5yblSYMgpEg7wrQPWCcR23+WmgZWn +RtqCV6mVksW2jwMibDN3wXsyF24HzloUQToFJBv2FAY7qCUkDrvMKnXduXBBP3zQ +YzYhBx9G/2CkkeFnvN4ffhkUyWNnkepnB2u0j4vAbkN9w6GAbLIevFOFfdyQoaS8 +Le9Gclc1Bb+7RrtubTeZtv8jkpHGbkD4jylW6l/VXxRTrPBPYer3IsynVgviuDQf +Jtl7GQVoP7o81DgGotPmjw7jtHFtQELFhLRAlSv0ZaBIefYdgWOWnU914Ph85I6p +0fKtirOMxyHNwu8= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIENjCCAx6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBvMQswCQYDVQQGEwJTRTEU +MBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4dGVybmFs +IFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290 +MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFowbzELMAkGA1UEBhMCU0Ux +FDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1BZGRUcnVzdCBFeHRlcm5h +bCBUVFAgTmV0d29yazEiMCAGA1UEAxMZQWRkVHJ1c3QgRXh0ZXJuYWwgQ0EgUm9v +dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALf3GjPm8gAELTngTlvt +H7xsD821+iO2zt6bETOXpClMfZOfvUq8k+0DGuOPz+VtUFrWlymUWoCwSXrbLpX9 +uMq/NzgtHj6RQa1wVsfwTz/oMp50ysiQVOnGXw94nZpAPA6sYapeFI+eh6FqUNzX +mk6vBbOmcZSccbNQYArHE504B4YCqOmoaSYYkKtMsE8jqzpPhNjfzp/haW+710LX +a0Tkx63ubUFfclpxCDezeWWkWaCUN/cALw3CknLa0Dhy2xSoRcRdKn23tNbE7qzN +E0S3ySvdQwAl+mG5aWpYIxG3pzOPVnVZ9c0p10a3CitlttNCbxWyuHv77+ldU9U0 +WicCAwEAAaOB3DCB2TAdBgNVHQ4EFgQUrb2YejS0Jvf6xCZU7wO94CTLVBowCwYD +VR0PBAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wgZkGA1UdIwSBkTCBjoAUrb2YejS0 +Jvf6xCZU7wO94CTLVBqhc6RxMG8xCzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRU +cnVzdCBBQjEmMCQGA1UECxMdQWRkVHJ1c3QgRXh0ZXJuYWwgVFRQIE5ldHdvcmsx +IjAgBgNVBAMTGUFkZFRydXN0IEV4dGVybmFsIENBIFJvb3SCAQEwDQYJKoZIhvcN +AQEFBQADggEBALCb4IUlwtYj4g+WBpKdQZic2YR5gdkeWxQHIzZlj7DYd7usQWxH +YINRsPkyPef89iYTx4AWpb9a/IfPeHmJIZriTAcKhjW88t5RxNKWt9x+Tu5w/Rw5 +6wwCURQtjr0W4MHfRnXnJK3s9EK0hZNwEGe6nQY1ShjTK3rMUUKhemPR5ruhxSvC +Nr4TDea9Y355e6cJDUCrat2PisP29owaQgVR1EX1n6diIWgVIEM8med8vSTYqZEX +c4g/VhsxOBi0cQ+azcgOno4uG+GMmIPLHzHxREzGBHNJdmAPx/i9F4BrLunMTA5a +mnkPIAou1Z5jJh5VkpTYghdae9C8x49OhgQ= +-----END CERTIFICATE----- diff --git a/sto-tug-kvm2.swamid.se/overlay/opt/flog/nginx/sites-enabled/flog b/sto-tug-kvm2.swamid.se/overlay/opt/flog/nginx/sites-enabled/flog new file mode 100644 index 0000000..93697cf --- /dev/null +++ b/sto-tug-kvm2.swamid.se/overlay/opt/flog/nginx/sites-enabled/flog @@ -0,0 +1,51 @@ +# the upstream component nginx needs to connect to +upstream django { + #server unix:///var/django/flog/flog/flog.sock; # for a file socket + server flog_app.docker:8000; +} + +server { + # http://mailman.nginx.org/pipermail/nginx-announce/2013/000112.html + if ($http_transfer_encoding ~* chunked) { + return 444; + } + + #listen 192.36.125.10:80; + listen 80; + #listen [2001:6b0:7::10]:80 ipv6only=on default_server; + listen [::]:80 ipv6only=on default_server; + #listen 192.36.125.10:443 ssl; + listen 443 ssl; + #listen [2001:6b0:7::10]:443 ssl ipv6only=on default_server; + listen [::]:443 ssl ipv6only=on default_server; + + server_name flog.sunet.se; + charset utf-8; + + ssl_certificate /etc/nginx/certs/flog.sunet.se.chained.pem; + ssl_certificate_key /etc/nginx/certs/flog.sunet.se.key; + # PFS settings from http://people.adams.edu/~cdmiller/posts/NSA_SSL_settings_for_nginx_and_apache/ + # NOTE: these settings exclude Win XP with IE 6 + # + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_prefer_server_ciphers on; + ssl_ciphers DHE-RSA-CAMELLIA256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:DES-CBC3-SHA:!ADH:!aNULL; + + # max upload size + client_max_body_size 75M; # adjust to taste + + # serve directly - analogous for static/staticfiles + #location /static/ { # STATIC_URL + # alias /var/django/flog/collectedfiles/; # STATIC_ROOT + # expires 30d; + #} + + # Finally, send all non-media requests to the Django server. + location / { + uwsgi_pass django; + uwsgi_read_timeout 500; + include /etc/nginx/uwsgi_params; + proxy_buffering off; + } +} + diff --git a/sto-tug-kvm2.swamid.se/overlay/opt/flog/postgres/ssl/certs/ssl-cert-snakeoil.pem b/sto-tug-kvm2.swamid.se/overlay/opt/flog/postgres/ssl/certs/ssl-cert-snakeoil.pem new file mode 100644 index 0000000..1e51120 --- /dev/null +++ b/sto-tug-kvm2.swamid.se/overlay/opt/flog/postgres/ssl/certs/ssl-cert-snakeoil.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC0jCCAbqgAwIBAgIJAPWiRS1801VVMA0GCSqGSIb3DQEBCwUAMCExHzAdBgNV +BAMTFnN0by10dWcta3ZtMi5zd2FtaWQuc2UwHhcNMTQxMDIyMTI1NTQzWhcNMjQx +MDE5MTI1NTQzWjAhMR8wHQYDVQQDExZzdG8tdHVnLWt2bTIuc3dhbWlkLnNlMIIB +IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0AeuSvXfxZEDnhqPAnPb1CA5 +ijzHYKCAV8tPbrwzJDHCDd2bPhRSfnUMAg12DmHvaqFLekk0kuYRPETVVpPxk4ss +NZgh/3CqShd3UnMjoAUFT+sq7c7OqbLD9bWY8EbgEid1ph2t+nAxXNoRVQd2azvP +llbwBmKrW15WDFPVnv/zyRs85xviaQgmmowMVVjPNcxw2oMpeJTtpSm15RQ0x6Kk +p9cUILj7p7ls82uOutJgYL6MhGytqdtgoWu6sEoYc3Sck/scZJnBMwecvkKC8Zvj +qk/JvIsGsme7Akp8bK0tJ7Pts9mtTaSqwqHsyCrY6lZE8wKmJ7bUX70yE9eTCwID +AQABow0wCzAJBgNVHRMEAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQBXJPEZGI5EXNBf +NwO1jT9Mvxfjs27Cw72nO6PR+ZdGdludQH8NDuEK8FudAdenk4r40KTqsxlezr+y +Wn0JMe92IUvag7T/RNPNXu0IieNRvNTMwsNfZJnymqReEnoHYB0f8U/rX+vshKwP +5D7pdCaXspzXr3rJ+ZNw6YBxqgeprCcln8NSi2gtnA/PGTyzpPRmlFpRvBy+PC/I +fBejYOcgrc1i7v1MYC85OnMLzIGsxsnQIJjtjK8iY9BDyhQ1S+Jwu17vWJ2ZWGlk +NQUnSqJw447ooQUKLrpkx7brwSLMDPDO9hO7/b2L/VsfGlGiaXBhUEYF3GAnOwZJ +QslpyIrc +-----END CERTIFICATE----- diff --git a/sto-tug-kvm2.swamid.se/overlay/opt/flog/postgres/ssl/private/ssl-cert-snakeoil.key b/sto-tug-kvm2.swamid.se/overlay/opt/flog/postgres/ssl/private/ssl-cert-snakeoil.key new file mode 100644 index 0000000..3e0d431 --- /dev/null +++ b/sto-tug-kvm2.swamid.se/overlay/opt/flog/postgres/ssl/private/ssl-cert-snakeoil.key @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDQB65K9d/FkQOe +Go8Cc9vUIDmKPMdgoIBXy09uvDMkMcIN3Zs+FFJ+dQwCDXYOYe9qoUt6STSS5hE8 +RNVWk/GTiyw1mCH/cKpKF3dScyOgBQVP6yrtzs6pssP1tZjwRuASJ3WmHa36cDFc +2hFVB3ZrO8+WVvAGYqtbXlYMU9We//PJGzznG+JpCCaajAxVWM81zHDagyl4lO2l +KbXlFDTHoqSn1xQguPunuWzza4660mBgvoyEbK2p22Cha7qwShhzdJyT+xxkmcEz +B5y+QoLxm+OqT8m8iwayZ7sCSnxsrS0ns+2z2a1NpKrCoezIKtjqVkTzAqYnttRf +vTIT15MLAgMBAAECggEAWs7/hjlONS/YJGvzgV6R10c51t4xKjzlyW02f2An8uTF +kMfrvG2ilREC7OJzZlPZ7vH5wKe0C2vimixx9BkgmwdlhP+j152WuEEGFTetlWyb +pQdC9gwQqoMeh2N+H2TQ6xvOf3T1PR08bwvCBRv81VKGi1nn7OGla30Ckt8FoSHP +cTEYsLQhn6XyFPYZvtSgoaxA8kEGBICD/LMpkqQ2w8QDiqD0LJ6Dhiu4AAZTjksK +CXc/qek35ldAYB76f/02YRMJCDwW7h3abmkHv7FMDHk9K4APxWYxWlUIWc4C4O1Q +fMesGNIqpFXlTSj4g3bdVue0R/rwvdz9RLS2gyv8AQKBgQD5lmQumMzH3JpTnIg5 +VNGHxOI1OtqO32H/gdlPkWZTfD6dhitM2NfdXlntaSZ4EwoyDu6Iq/a9T32jUHnL +iV3Fn59a1bQcYsl/g/Q4P78XbRIjRFU602JdQGVJeeAB5h/v/xrhcr/fyRAsk1gD +/N6VR20TkoO6YvkRH7xpv8/HSQKBgQDVX/Q/QZg/BlkMTvrQz27xnzBdtoycRGE+ +V4J0l7U9txs6i0uTCwFU8C5DA7LffbNYhDMC+eJzXRgYdCwcsQUJP/2KzkRuKW4/ +SIe9eNk4kRcfti63hiubshh3/HmvXgftv5OHGHRCb2KUx4BEB5S0Vh9/+9l5SqG+ +XejFiY5jswKBgHoG55BIsMZ+uw1qGMg/Cfqhbh+sWLNF0DoGGGNoqWjj9BE8SetW +kaPvv3Pt1xsZ5AA5gLJdsVM5jCnO7N1wmeJHergEh/zg57dqonrl393qO9X2UN1k +AFGrbFoSNk13X+INDe1wFxOo0DmbCItalNDTjSbmmXUFctTGeW4Sk9nRAoGBAL/q +eENU+lzllr5tY0bg7EbDCbugb8Q19Mkf6KR5t3h08zarBySQp3gAN3vrHb3Kz77z +2PX6T+W3e+6yvuJnjcIOHjv03rO+6/xbfku7IJWyWnwZXtePBDYb78or+j7zcmoy +/7xpEFiY2rA66HFH6EZzmA2DNs3ThLs2uCDEYp/lAoGBALEgYoAlUWK5zeV2zrLa +vWdvubphN76ljVX23vW8cx5S07w3QeIqLZR4C1BH+9/ibbxGks69dDHg7y7EKe6S +6lkhRjhMCvN2jg0tMBU7skPmLs75wN98qC3TqK8uu+gdSPsctG5w1QIS77p+5lCg +7x5NyDVPI+bX7MadeANul/8c +-----END PRIVATE KEY----- |