| [10:33:43] | * realityloop has quit (Quit: Leaving..) |
| [13:22:34] | * gusaus has quit (Quit: gusaus) |
| [13:38:23] | * jerryitt has quit (Quit: Connection closed for inactivity) |
| [15:15:13] | * kvanderw has quit (Ping timeout: 260 seconds) |
| [15:16:12] | * drakythe has quit (Ping timeout: 258 seconds) |
| [15:16:28] | * fatguylaughing_ has quit (Ping timeout: 240 seconds) |
| [15:19:54] | * fatguylaughing_ has joined #aegir |
| [15:20:13] | * zz_kvanderw has joined #aegir |
| [15:20:33] | * zz_kvanderw is now known as kvanderw |
| [15:21:43] | * drakythe has joined #aegir |
| [17:05:40] | * ybabel has joined #aegir |
| [17:15:10] | * reaper013 has joined #aegir |
| [20:15:32] | <jonpugh> | Now that's cool... |
| [21:20:28] | <colan[m]> | gusaus: That would be fantastic! |
| [21:23:46] | <colan[m]> | jonpugh :I'm sure we can hook the new Gitlab stuff in as well helmo |
| [21:27:53] | <helmo> | colan[m]: sure, setting up a gitlab webhook bot should be possible |
| [22:02:09] | * noecc has joined #aegir |
| [22:52:59] | <jonpugh[m]> | colan: as far a as I can tell, each user gets their own integrations... How about I'll handle GitHub you handle gitlab? I don't want to be responsible for more than I have to be ;) |
| [22:54:38] | <colan[m]> | jonpugh: np, wasn't asking you to do it. Was just stating that it would be possible too if someone wants to do it at some point. :) |
| [22:54:57] | <jonpugh[m]> | I didn't think you were :) |
| [22:55:19] | <colan[m]> | But maybe you're asking me? :) |
| [22:56:02] | <jonpugh[m]> | I think it would be very helpful ;) |
| [22:56:26] | * colan[m] is working on services-induced site installs over https. |
| [22:56:26] | <jonpugh[m]> | Very few people go to gitlab ever, so very few people see the progress you all are making there |
| [22:57:20] | <jonpugh[m]> | (riot mobile push notifications are faster than irccloud, btw) |
| [22:57:33] | <colan[m]> | jonpugh: that's only until GitHub realizes that it lost, and then gives up. |
| [22:58:25] | <colan[m]> | The Gitter purchase was very interesting. :) |
| [22:58:34] | <jonpugh[m]> | Ouch |
| [22:58:36] | <jonpugh[m]> | Regardless, I doubt many go to GitHub either :P |
| [22:59:26] | <jonpugh[m]> | Yeah, here's hoping they just rewrite it using matrix ;) |
| [22:59:38] | <colan[m]> | Heh. |
| [23:00:19] | <jonpugh[m]> | It's almost IRC already, I can access gitter with IRC and via matrix |
| [23:00:54] | <jonpugh[m]> | Anyway,.... |
| [23:01:34] | <jonpugh[m]> | colan: can we tag a new alpha of https today? I tested and it works well, I am including it in devshop makefiles now |
| [23:04:33] | <colan[m]> | jonpugh: i've got another commit-ish i'm testing now. When done, I'd love you to test that (if you wouldn't mind). Can do a release right after this stuff gets in. Need it for Services integration. |
| [23:08:09] | <jonpugh[m]> | Ok |
| [23:47:35] | <jonpugh[m]> | colan: I am getting feedback from a client's security guy, they are scanning a site and had this to say: |
| [23:47:54] | <jonpugh[m]> | > the high-risk issues can be addressed by turning of support for out-of-date cyphers. |
| [23:48:32] | <jonpugh[m]> | I have a PDF report from "IBM Security AppScan" |
| [23:48:47] | <jonpugh[m]> | scanned a Hosting HTTPS/LetsEncrypt site |
| [23:49:28] | <colan[m]> | jonpugh: Please open an issue in there, and throw that stuff in. |
| [23:50:19] | <colan[m]> | Definitely needs to be done. We started by just cloning whatever was in hosting_ssl, which no doubt has old ciphers listed. |
| [23:51:07] | <colan[m]> | We can tag it Release Blocker |
| [23:51:25] | <colan[m]> | er, stable release blocker. |
| [23:51:31] | <jonpugh[m]> | :) |
| [23:52:54] | <jonpugh[m]> | that's better :D |
| [00:02:31] | <jonpugh[m]> | colan: issue posted... someone should definitely setup gitlab notifications! ;) |
| [00:02:35] | <jonpugh[m]> | https://gitlab.com/aegir/hosting_https/issues/38 |
| [00:14:33] | <colan[m]> | jonpugh: helmo Would you guys kindly review/approve/merge https://gitlab.com/aegir/hosting_https/merge_requests/23 ? Thanks! If all good, I can cut a new alpha. |
| [00:15:47] | <colan[m]> | Still can't enable HTTPS on new Apache sites (works with Nginx now), but someone will have to take care of that later. |
| [00:26:06] | <helmo42[m]> | colan: I don't have time right now, but can take a look tomorrow. |
| [00:29:10] | <colan[m]> | great, thanks. |
| [00:34:29] | * roycroft has quit (Ping timeout: 246 seconds) |
| [00:35:35] | * roycroft has joined #aegir |
| [00:50:23] | <bgm> | I did something by mistake and now getting "Unable to load LetsEncrypt driver for the Certificate service: Expecting class Provision_Service_Certificate_LetsEncrypt" when trying to run a 'verify' on the server-master |
| [00:51:03] | <bgm> | all modules seem enabled/installed, tried truncating the cache_bootstrap, drush cc drush, etc.. What am I missing? |
| [00:51:18] | <jonpugh[m]> | Check drushrc.php? |
| [00:53:08] | <bgm> | jonpugh[m]: in ~/hostmater-xx/sites/foo.example.org/drushrc.php ? weird, the status was = 0 for those modules there. |
| [00:57:44] | <jonpugh[m]> | Are the includes set? |
| [00:59:44] | * ybabel1 has joined #aegir |
| [01:00:24] | * ybabel has quit (Ping timeout: 260 seconds) |
| [01:00:24] | * ybabel1 is now known as ybabel |
| [01:01:27] | <bgm> | hmm I did a 'vimdiff' with a drushrc.php file from another server, and besides some path changes, it was the same |
| [01:06:35] | * v20th has joined #aegir |
| [01:07:57] | <bgm> | hmm ok, i'm not too sure what I did, but after a bit of poking around, it gave me an error that it couldn't create the platform directory, which was an empty directory name |
| [01:08:20] | <bgm> | so I disabled that check in the code (provision_drupal_push_site), re-verified everything, and now I re-enabled the code and it seems OK |
| [01:12:07] | <bgm> | thanks jonpugh[m] ! I think that fixing the drushrc.php is what unblocked it. |
| [01:12:31] | <jonpugh[m]> | :D |
| [01:12:51] | <jonpugh[m]> | I actually meant /var/aegir/.drush/drushrc.php |
| [01:13:05] | <jonpugh[m]> | that's the one that loads the includes for provision code inside hosting modules. |
| [01:13:19] | <jonpugh[m]> | but hey, happy to helo |
| [01:13:28] | <jonpugh[m]> | happy to help ;) |
| [01:13:57] | <jonpugh[m]> | colan: checking out your branch now |
| [01:14:00] | <bgm> | haha :) |
| [01:22:53] | <colan[m]> | bgm: not sure if you've switched over to using Services yet, but https://www.drupal.org/node/2838326 |
| [01:22:53] | <hefring> | https://www.drupal.org/node/2838326 => Allow for created sites to be available under HTTPS [#2838326] => 4 comments, 1 IRC mention |
| [01:23:08] | <bgm> | off-topic: i've been deprecating 3 wildcard certs.. and it's been rather.. entertaining. I'm glad to get rid of them though. I was going to renew, but buying ssl certs is such a pita. good riddance. |
| [01:24:10] | <bgm> | colan[m]: haven't yet, but sounds good |
| [01:25:25] | <bgm> | i'm still in the process of moving off hosting_ssl on some servers. but .. almost there! :D |
| [01:39:57] | <jonpugh[m]> | colan: Care to review and merge additional docs? https://gitlab.com/aegir/hosting_https/merge_requests/24 |
| [01:40:38] | <roycroft> | have any of these ssl add-ons solved the problem of aegir's assigning random ips to ssl sites when generating them? |
| [01:41:55] | <roycroft> | i currently have to spin off a vm for each ssl site, because if i assign a pool of ips to a web server aegir picks on e at random when generating the ssl-enabled site |
| [01:42:17] | <roycroft> | and that one almost always does not match the dns entry for the site |
| [01:43:32] | * noecc has quit (Ping timeout: 268 seconds) |
| [01:43:40] | <colan[m]> | roycroft: hosting_https doesn't deal with IP addresses at all. I recommend that you try it instead of hosting_ssl. |
| [01:44:31] | <roycroft> | how, then, do i generate the site to use the correct ip address? |
| [01:46:02] | <roycroft> | what aegir needs is an option, when creating a site, to pick the ip address the site will use when the server has multiple ips defined |
| [01:46:22] | <roycroft> | i've been told this is something that should be addressed in aegir ng |
| [01:46:31] | <roycroft> | but we're still waiting for that :) |
| [01:46:47] | * roycroft is not holding his breath for the duration of the wait |
| [01:48:07] | <colan[m]> | By default aegir will accept HTTPS connections on all IPs. |
| [01:48:36] | <colan[m]> | jonpugh: Added a couple of minor things for you to fix, but looks good. |
| [01:51:16] | <roycroft> | that's not what we need - we need to assign a particular ip to a single site, and then exclude that ip from listening for other sites |
| [01:51:48] | <roycroft> | right now the way i do that is by generating a vm for each ssl-enable site, which is wasteful |
| [01:52:22] | <colan[m]> | roycroft: sounds complicated. i've never felt the need to do that. |
| [01:53:07] | <colan[m]> | jonpugh: when you get those in, i'll merge & then cut a new release. |
| [02:09:09] | <jonpugh[m]> | colan: done |
| [02:11:41] | * reaper013 has quit (Quit: Page closed) |
| [02:14:34] | <bgm> | roycroft: if you need that, I'd recommend writing a small provision module that overrides the vhost tpl and assigns an IP that way. |
| [02:15:03] | <bgm> | ex: https://github.com/coopsymbiotic/provision_symbiotic/blob/master/provisi... |
| [02:15:20] | <bgm> | and then: https://github.com/coopsymbiotic/provision_symbiotic/blob/master/tpl/cus... |
| [02:16:08] | <bgm> | (I override in part because iirc Aegir does not enable IPv6 by default, and also to set specific TLS configuratonis) |
| [02:29:31] | <colan[m]> | jonpugh: last thing: Please merge https://gitlab.com/aegir/hosting_https/merge_requests/25 - will release immediately after. |
| [03:30:03] | <helmo42[m]> | colan: done |
| [03:30:29] | <jonpugh[m]> | :+1: |
| [03:30:36] | <jonpugh[m]> | ;) |
| [03:30:42] | <jonpugh[m]> | Riot needs emoji support |
| [04:00:17] | <helmo42[m]> | Hi all, ergonlog1c bgm jonpugh colan cweagans gboudrias memtkmcc .. Scrum time?. |
| [04:00:34] | <jonpugh[m]> | hellllo |
| [04:00:45] | <helmo42[m]> | 3.11-beta1 was just tagged ... only in provision... I'm trying to test the new gitlab build system |
| [04:01:04] | <jonpugh[m]> | ahh, can I try to cleanup two more patches? |
| [04:01:32] | <jonpugh[m]> | maybe for a beta2? |
| [04:01:35] | <jonpugh[m]> | :) |
| [04:01:39] | <helmo42[m]> | but somehow the test is now failing ... |
| [04:01:59] | <helmo42[m]> | yes go ahead ... I don't expect a final version today ;) |
| [04:18:29] | * gusaus has joined #aegir |
| [04:18:46] | <colan[m]> | https://gitlab.com/aegir/hosting_https/tags/7.x-3.x-alpha4 has just been released. |
| [04:29:16] | <colan[m]> | Also https://www.drupal.org/project/hosting_services/releases/7.x-3.0-beta2 |
| [04:32:34] | <colan[m]> | So you can now install an HTTPS site by default over Web services. |
| [04:32:49] | <colan[m]> | On Nginx anyway. ;) |
| [04:35:03] | <colan[m]> | ergonlogic: thanks for your help with https://gitlab.com/aegir/hosting_https/issues/28 |
| [05:06:26] | * shaneonabike1 has joined #aegir |
| [05:49:40] | * mengi1 has quit (Read error: Connection reset by peer) |
| [06:16:26] | * theMusician has quit (Ping timeout: 246 seconds) |
| [06:56:05] | * ybabel has quit (Quit: ybabel) |
| [07:03:13] | * ybabel has joined #aegir |
| [07:03:27] | * ybabel has quit (Client Quit) |
| [07:27:47] | * theMusician has joined #aegir |
| [07:38:08] | * theMusician has quit (Quit: theMusician) |
| [07:46:53] | * theMusician has joined #aegir |
| [07:48:43] | * gusaus has quit (Quit: gusaus) |
| [08:03:49] | * v20th has quit (Quit: Leaving) |
| [08:23:37] | * theMusician has quit (Quit: theMusician) |
| [08:39:13] | * theMusician has joined #aegir |
| [09:10:41] | * shaneonabike1 has quit (Quit: Leaving.) |
| [09:51:55] | * theMusician has quit (Quit: theMusician) |
