summary refs log tree commit diff
path: root/scripts-dev (unfollow)
Commit message (Collapse)AuthorFilesLines
2019-02-11fix testsRichard van der Hoff2-3/+7
2019-02-11Infer no_tls from presence of TLS listenersRichard van der Hoff10-20/+27
Rather than have to specify `no_tls` explicitly, infer whether we need to load the TLS keys etc from whether we have any TLS-enabled listeners.
2019-02-11Don't create server contexts when TLS is disabledRichard van der Hoff3-3/+7
we aren't going to use them anyway.
2019-02-11Fail cleanly if listener config lacks a 'port'Richard van der Hoff2-0/+6
... otherwise we would fail with a mysterious KeyError or something later.
2019-02-11Logging improvements around TLS certsRichard van der Hoff3-22/+39
Log which file we're reading keys and certs from, and refactor the code a bit in preparation for other work
2019-02-11Move ClientTLSOptionsFactory init out of refresh_certificates (#4611)Richard van der Hoff5-9/+9
It's nothing to do with refreshing the certificates. No idea why it was here.
2019-02-11Clean up default listener configuration (#4586)Richard van der Hoff2-48/+82
Rearrange the comments to try to clarify them, and expand on what some of it means. Use a sensible default 'bind_addresses' setting. For the insecure port, only bind to localhost, and enable x_forwarded, since apparently it's for use behind a load-balancer.
2019-02-11Clarifications for reverse proxy docs (#4607)Richard van der Hoff6-62/+117
Factor out the reverse proxy info to a separate file, add some more info on reverse-proxying the federation port.
2019-02-11ACME Reprovisioning (#4522)Amber Brown5-25/+89
2019-02-11Be tolerant of blank TLS fingerprints config (#4589)Amber Brown2-1/