capistrano-fiftyfive 0.19.0 → 0.20.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: af395799f454e43548f4178ab79587ad4276f2be
4
- data.tar.gz: a297ed433f6b58783b1e8dcd28e2d65f024d6ba2
3
+ metadata.gz: d48d43572e397d2e9c282fb3f155340a9aca4c08
4
+ data.tar.gz: c53839c52e731da714afe54411aade3b146d2e1e
5
5
  SHA512:
6
- metadata.gz: 27f2eea48feaacf5f573e4eae795a091827e5bd3fc4a25abfaca281ca46a7ef43e84b77d29cf2ceaf04be4c86c1c070492f93627afcd64d078c1554384430caf
7
- data.tar.gz: 13a5935b343753306a143189bae548032b1857d17565b898a9495fa75903b5a477615cc61a3b5c05e9b4997e4dc0afafe50212c9c3ad90666f70fc5097161c61
6
+ metadata.gz: 52c834f13c387babac019f179d9e463c793f67930d14d77d9230359944edfdfadb268a2a6519749c8a4cea86bea6e7395813fbc0b994dc6c5b8e9bd9d3536e06
7
+ data.tar.gz: a337b7a7950df9a4415d9012426c3df16e6b86d4db7ebe663c20d8e0e8e037cacc2a1b9eab0c418a6f194078b971e431ced6b097bacf14c9e3d519db96194721
@@ -2,6 +2,10 @@
2
2
 
3
3
  * Your contribution here!
4
4
 
5
+ ## 0.20.0 (2015-05-29)
6
+
7
+ * Increase SSL/TLS security of the generated nginx configuration by following the suggestions of [weakdh.org](https://weakdh.org/sysadmin.html).
8
+
5
9
  ## 0.19.0 (2015-04-10)
6
10
 
7
11
  * Add `--retry=3` to bundle install options. This will help prevent deployment failures in case that a gem initially fails to download during the `bundle install` step.
data/README.md CHANGED
@@ -43,7 +43,7 @@ Add these gems to the development group of your Rails application's Gemfile:
43
43
  group :development do
44
44
  gem 'capistrano-bundler', :require => false
45
45
  gem 'capistrano-rails', :require => false
46
- gem 'capistrano', '~> 3.3.5', :require => false
46
+ gem 'capistrano', '~> 3.4.0', :require => false
47
47
  gem 'capistrano-fiftyfive' :require => false
48
48
  end
49
49
 
@@ -50,6 +50,7 @@ upstream unicorn_<%= application_basename %> {
50
50
  ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:RSA+3DES:!ADH:!AECDH:!MD5;
51
51
  ssl_prefer_server_ciphers on;
52
52
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
53
+ ssl_dhparam /etc/ssl/dhparams.pem;
53
54
  ssl_certificate /etc/ssl/<%= application_basename %>.crt;
54
55
  ssl_certificate_key /etc/ssl/<%= application_basename %>.key;
55
56
 
@@ -1,5 +1,5 @@
1
1
  module Capistrano
2
2
  module Fiftyfive
3
- VERSION = "0.19.0"
3
+ VERSION = "0.20.0"
4
4
  end
5
5
  end
@@ -1,4 +1,5 @@
1
1
  fiftyfive_recipe :ssl do
2
+ during :provision, "generate_dh"
2
3
  during :provision, "generate_self_signed_crt"
3
4
  end
4
5
 
@@ -16,6 +17,16 @@ namespace :fiftyfive do
16
17
  _copy_to_all_web_servers(%w(.key .csr .crt))
17
18
  end
18
19
 
20
+ desc "Generate unique DH group"
21
+ task :generate_dh do
22
+ privileged_on roles(:web) do
23
+ unless test("sudo [ -f /etc/ssl/dhparams.pem ]")
24
+ execute :sudo, "openssl dhparam -out /etc/ssl/dhparams.pem 2048"
25
+ execute :sudo, "chmod 600 /etc/ssl/dhparams.pem"
26
+ end
27
+ end
28
+ end
29
+
19
30
  def _run_ssl_script(opt="")
20
31
  privileged_on primary(:web) do
21
32
  files_exist = %w(.key .csr .crt).any? do |ext|
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: capistrano-fiftyfive
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.19.0
4
+ version: 0.20.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Matt Brictson
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2015-04-10 00:00:00.000000000 Z
11
+ date: 2015-05-29 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: capistrano
@@ -141,7 +141,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
141
141
  version: '0'
142
142
  requirements: []
143
143
  rubyforge_project:
144
- rubygems_version: 2.4.6
144
+ rubygems_version: 2.4.7
145
145
  signing_key:
146
146
  specification_version: 4
147
147
  summary: Additional Capistrano 3 recipes