# Make sure mod_ssl is available: the module is loaded here only when
# no earlier configuration file has already loaded it.
<IfModule !mod_ssl.c>
    LoadModule ssl_module modules/mod_ssl.so
</IfModule>
# Additionally accept connections on port 8140, the port the Puppet
# virtual host in this file is bound to.
Listen 8140
##
## Puppet master virtual host (TLS on port 8140, served through Passenger)
##
<VirtualHost _default_:8140>

    # Per-host log files under the HTTPS log tree; the directory name is
    # taken from the template variable @homename.
    ErrorLog /srv/www/log/https/<%= @homename %>/error_log
    CustomLog /srv/www/log/https/<%= @homename %>/access_log combined
    LogLevel warn

    # --- TLS ---------------------------------------------------------
    # "all -SSLv2 -SSLv3" disables only SSLv2/SSLv3; every TLS version
    # the local mod_ssl build offers stays enabled.
    # NOTE(review): that includes TLS 1.0/1.1 where the build still
    # provides them - confirm which versions the agents need.
    SSLEngine on
    SSLProtocol all -SSLv2 -SSLv3
    # The server's cipher order wins over the client's; the cipher list
    # itself comes from the ssl::ciphersuites class.
    SSLHonorCipherOrder On
    SSLCipherSuite <%= scope.lookupvar('ssl::ciphersuites::default_ciphersuites') %>

    # --- Certificates and keys ---------------------------------------
    # Server certificate and private key are this host's entries in the
    # Puppet SSL directory; ca.pem is used both as the chain sent to
    # clients and as the CA that client certificates are checked against.
    SSLCertificateFile <%= @puppet_ssldir %>/certs/<%= @homename %>.pem
    SSLCertificateKeyFile <%= @puppet_ssldir %>/private_keys/<%= @homename %>.pem
    SSLCertificateChainFile <%= @puppet_ssldir %>/certs/ca.pem
    SSLCACertificateFile <%= @puppet_ssldir %>/certs/ca.pem
    # NOTE(review): on Apache 2.4 SSLCARevocationCheck defaults to "none",
    # so this CRL is only enforced when that directive is also set (e.g.
    # "chain"); Apache 2.2 does not know the directive. Confirm the target
    # Apache version before relying on revocation.
    SSLCARevocationFile <%= @puppet_ssldir %>/ca/ca_crl.pem

    # --- Client authentication ---------------------------------------
    # "optional" lets the handshake complete without a client
    # certificate; the verification result is only reported (see the
    # X-Client-Verify header below), so the application behind this
    # vhost has to make the authorization decision.
    SSLVerifyClient optional
    SSLVerifyDepth 1

    # --- SSL environment and request headers -------------------------
    # +StdEnvVars exports the SSL_* environment variables that the
    # RequestHeader lines read via %{...}e. "set" replaces any header of
    # the same name sent by the client, so the values passed on come
    # from mod_ssl. RequestHeader needs mod_headers, which is assumed to
    # be loaded elsewhere.
    SSLOptions +StdEnvVars
    RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
    RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
    RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e

    # --- Passenger ---------------------------------------------------
    PassengerEnabled On
    # The application user and group are pinned to "puppet" on every
    # operating system except Ubuntu, where the template omits both lines.
<% unless @operatingsystem == 'Ubuntu' -%>
    PassengerUser puppet
    PassengerGroup puppet
<% end -%>
    PassengerHighPerformance On
    PassengerMaxRequests 1000
    PassengerTempDir /var/run/passenger

    # Only the public/ subdirectory is the document root; the Directory
    # section covers the whole application directory above it.
    DocumentRoot /var/lib/passenger/puppet/public
    <Directory "/var/lib/passenger/puppet">
        # No optional features and no .htaccess overrides.
        Options None
        AllowOverride None
        # Apache 2.2-style access control (on 2.4 this needs
        # mod_access_compat). Every address is admitted here; access
        # decisions are left to the application, based on the
        # client-certificate headers set above.
        Order Allow,Deny
        Allow from All
    </Directory>

</VirtualHost>