zulip/puppet/zulip_ops/files
Alex Vandiver 3bf047beb8 iptables: Skip conntrack for DNS queries.
Under heavy request load, it is possible for the conntrack kernel
table to fill up (by default, 256k connections).  This leads to DNS
requests failing because they cannot make a new conntrack entry.

Allow all port-53 UDP traffic in and out without connection tracking.
This means that unbound port-53 traffic is no longer filtered out by
the on-host firewall -- but it is already filtered out at the border
firewall, so this does not change the external network posture.
`systemd-resolve` also only binds to 127.0.0.53 on the loopback
interface, so there is no server to attack on inbound port 53.
2024-01-10 09:07:00 -08:00
apache puppet: Move nagios to behind teleport. 2021-06-02 18:38:38 -07:00
apt/apt.conf.d puppet: Prevent unattended upgrades of erlang-base. 2023-05-16 14:02:06 -07:00
certs
cron.d cron: Remove unused STATE_FILE environment variable. 2022-06-22 12:07:38 -07:00
grafana grafana: Enable auto-sign-up. 2022-07-19 17:52:17 -07:00
iptables iptables: Skip conntrack for DNS queries. 2024-01-10 09:07:00 -08:00
munin
munin-plugins munin: Update to use NAGIOS_BOT_HOST. 2021-01-27 12:07:09 -08:00
nagios4 nagios: Remove load monitoring. 2023-09-14 09:29:29 -07:00
nagios_plugins/zulip_zephyr_mirror models: Extract zerver.models.clients. 2023-12-16 22:08:44 -08:00
needrestart puppet: Tell needrestart to not default to restarting core services. 2022-07-19 17:51:18 -07:00
nginx puppet: Serve /etc/zulip/well-known/ in nginx as /.well-known/. 2023-10-04 15:56:42 -07:00
postgresql puppet: Add a database teleport server. 2021-06-08 22:21:21 -07:00
prometheus puppet: Only fetch from running hosts in Grafana ec2 discovery. 2021-12-09 08:12:03 -08:00
supervisor/conf.d puppet: Switch teleport to running under systemd, not supervisord. 2023-03-15 17:23:42 -04:00
chrony.conf puppet: Configure chrony to use AWS-local NTP sources. 2022-03-25 17:07:53 -07:00
common-session
dot_emacs.el
krb5.conf puppet: Replace debathena krb5 package with equivalent puppet file. 2022-01-18 14:13:28 -08:00
nagios_ssh_config puppet: Use existing autossh tunnels as OpenSSH "master" sockets. 2022-11-01 22:24:40 -07:00
process_exporter.yaml puppet: Rename and generalize Tornado process exporter. 2023-08-06 13:41:10 -07:00
sshd_config
statuspage-pusher python: Consistently use from…import for urllib.parse. 2023-12-05 13:03:07 -08:00
teleport_app.yaml puppet: Only include "app_service" section if there are apps. 2022-04-26 16:36:13 -07:00
teleport_node.yaml puppet: Only include "app_service" section if there are apps. 2022-04-26 16:36:13 -07:00
teleport_server.yaml teleport: Add explicit WebAuthn config, not just U2F. 2022-07-18 11:41:00 -07:00
zephyr-clients puppet: Replace debathena zephyr package with equivalent puppet file. 2022-01-18 14:13:28 -08:00