Meeting: 2016-11-01 DC-2564

Attendance: Issac Morland; Lori D. Paniak; Nathan Fish

Agenda:

Discussion of haproxy/backend service layer 4+ configuration.

  • overview of haproxy solution with three nextcloud backends
  • question of supporting multiple TLS sites on a single server: SAN (current CS configuration) vs SNI (preferred/only haproxy configuration)
  • of SAN with single cert to update per year vs SNI with cert and update per service per year
  • request access to API for cert renewal from IST. Automation should remove load of moving to SNI from SAN.
  • need to lock down haproxy console better
  • question of frontend doing authentication with stateless backend configuration - scale-out advantages
  • move towards OpenID for authentication leveraging remote_user framework
  • cs.uwaterloo.ca uses dir per day for apache logs. Aim to replicate as standard configuration for nextcloud and other new CS(CF) web services.
  • end goal for logs is to rotate them into database for analysis

To do:

  • request API for GlobalSign cert updates
  • initial work on salt-ifying www152.cs apache configuration. Goal is to have a modular, per virtual host configuration in salt that can be easily updated and deployed to arbitrary hardware/containers with minimal effort.

Next meeting: Nov 4 or 7/8.

-- LoriPaniak - 2016-11-01

Topic revision: r1 - 2016-11-01 - LoriPaniak
 
This site is powered by the TWiki collaboration platform Powered by PerlCopyright © 2008-2019 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback