puppet: Initial support for Passenger on Apache

2013-05-02 21:48:36 +03:00 · 2013-05-02 21:48:36 +03:00 · 2e3a2e5782
commit 2e3a2e5782
parent e8251bae66
4 changed files with 98 additions and 5 deletions
--- a/puppet/templates/mongrel-httpd.conf.erb
+++ b/puppet/templates/mongrel-httpd.conf.erb
--- a/puppet/templates/passenger-httpd.conf.erb
+++ b/puppet/templates/passenger-httpd.conf.erb
@ -0,0 +1,56 @@
+#
+# Load SSL module if not loaded
+#
+<IfModule !mod_ssl.c>
+LoadModule ssl_module modules/mod_ssl.so
+</IfModule>
+
+# Listen to puppet port also
+Listen 8140
+
+##
+## Puppet Virtual Host
+##
+
+<VirtualHost _default_:8140>
+
+  # Use default log path for puppet
+  ErrorLog /srv/www/log/https/<%= homename %>/error_log
+  CustomLog /srv/www/log/https/<%= homename %>/access_log combined
+  LogLevel warn
+
+  # SSL settings
+  SSLEngine on
+  SSLProtocol TLSv1
+  SSLCipherSuite DHE-RSA-AES256-SHA
+
+  # Certificates and keys
+  SSLCertificateFile <%= puppet_ssldir %>/certs/<%= homename %>.pem
+  SSLCertificateKeyFile <%= puppet_ssldir %>/private_keys/<%= homename %>.pem
+  SSLCertificateChainFile <%= puppet_ssldir %>/certs/ca.pem
+  SSLCACertificateFile <%= puppet_ssldir %>/certs/ca.pem
+  SSLCARevocationFile <%= puppet_ssldir %>/ca/ca_crl.pem
+
+  # Client authentication
+  SSLVerifyClient optional
+  SSLVerifyDepth 1
+
+  # SSL options and headers
+  SSLOptions +StdEnvVars
+  RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
+  RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
+  RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e
+
+  # Passenger settings
+  PassengerEnabled On
+  PassengerHighPerformance On
+  PassengerMaxRequests 1000
+  DocumentRoot /var/lib/passenger/puppet/public
+  <Directory "/var/lib/passenger/puppet">
+      Options None
+      AllowOverride None
+      Order Allow,Deny
+      Allow from All
+  </Directory>
+
+</VirtualHost>