puppet/puppet/templates/puppet-httpd.conf.erb


#
# Apache front end for the Puppet master: terminates TLS on port 8140,
# optionally verifies the agent's client certificate, and reverse-proxies
# every request to the local backend workers over plain HTTP.
# Rendered from an ERB template; homename, puppet_ssldir and the list of
# backend ports are supplied by Puppet at render time.
#
# Load SSL module if not loaded
#
<IfModule !mod_ssl.c>
LoadModule ssl_module modules/mod_ssl.so
</IfModule>
# NOTE(review): RequestHeader (mod_headers) and the proxy/balancer directives
# below need their own modules; nothing in this template loads them, so they
# are presumably loaded elsewhere -- confirm.
# Listen to puppet port also
Listen 8140
# Proxy balancer settings: one BalancerMember per configured backend port.
# Members are addressed on 127.0.0.1 over unencrypted HTTP, so the backends
# see only what this vhost forwards, including the X-Client-* headers.
# NOTE(review): the backends should accept connections from loopback only;
# anything that can reach them directly can supply those headers itself.
# Their bind address is not visible in this template -- confirm.
<Proxy balancer://puppetmaster>
<% scope.lookupvar('puppet::server::mongrel::puppet_listenports').each do |port| -%>
BalancerMember http://127.0.0.1:<%= port %> keepalive=on max=2 retry=30
<% end -%>
</Proxy>
##
## Puppet Virtual Host
##
<VirtualHost _default_:8140>
# Per-host log files; homename is interpolated into the path unescaped, so it
# is assumed to be a trusted, Puppet-side value.
ErrorLog /srv/www/log/https/<%= homename %>/error_log
CustomLog /srv/www/log/https/<%= homename %>/access_log combined
LogLevel warn
# SSL settings
SSLEngine on
# Only TLS 1.0 is offered.
# NOTE(review): TLS 1.0 is deprecated (RFC 8996). Whether a newer protocol can
# be enabled depends on the httpd/OpenSSL build and on what the agents
# support -- confirm before changing.
SSLProtocol TLSv1
# Exactly one suite is offered: ephemeral DH key exchange, RSA authentication,
# AES-256 in CBC mode with a SHA-1 MAC.
# NOTE(review): no AEAD suite is available, and the DH parameter size is
# decided by the httpd build, not by this file -- verify on the target host.
SSLCipherSuite DHE-RSA-AES256-SHA
# Certificates and keys: server cert/key are named after homename; ca.pem is
# both the chain sent to clients and the trust anchor for client certificates.
SSLCertificateFile <%= puppet_ssldir %>/certs/<%= homename %>.pem
SSLCertificateKeyFile <%= puppet_ssldir %>/private_keys/<%= homename %>.pem
SSLCertificateChainFile <%= puppet_ssldir %>/certs/ca.pem
SSLCACertificateFile <%= puppet_ssldir %>/certs/ca.pem
# CRL used to reject revoked client certificates.
# NOTE(review): on httpd 2.4 the CRL is only consulted when
# SSLCARevocationCheck is also set (its default is "none"); it is not set
# here. Confirm the target httpd version. A refreshed CRL presumably needs a
# reload to take effect -- confirm.
SSLCARevocationFile <%= puppet_ssldir %>/ca/ca_crl.pem
# Client authentication is "optional": a client that presents no certificate,
# or one that fails verification, still completes the handshake and is
# proxied. This vhost does not enforce access control itself; it only reports
# the verification result to the backend in X-Client-Verify.
# NOTE(review): authorization therefore rests on the backend honouring that
# header -- confirm.
SSLVerifyClient optional
# Depth 1: the client certificate must be issued directly by a CA in
# SSLCACertificateFile (no intermediate CAs).
SSLVerifyDepth 1
# SSL options and headers
# +StdEnvVars exports the SSL_* variables that the %{...}e lookups below read.
SSLOptions +StdEnvVars
# "set" replaces any header of the same name sent by the client, so the
# values the backend sees come from mod_ssl and not from the request. Keep
# these as "set"; "add"/"append"/"merge" would let a client-supplied value
# through alongside the real one.
RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e
# Proxy settings: with mod_rewrite loaded, every path is proxied through a
# RewriteRule ([P]); otherwise ProxyPass does the same with a 180 s timeout.
# NOTE(review): the balancer is declared above as balancer://puppetmaster, but
# ProxyPass and ProxyPassReverse name it balancer://puppetmaster:8140 --
# confirm that both spellings resolve to the same balancer.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule ^/(.*)$ balancer://puppetmaster%{REQUEST_URI} [P,QSA,L]
</Ifmodule>
<IfModule !mod_rewrite.c>
ProxyPass / balancer://puppetmaster:8140/ timeout=180
</IfModule>
ProxyPassReverse / balancer://puppetmaster:8140/
# Forward the original Host header to the backend.
ProxyPreserveHost on
# Talk HTTP/1.0 without keep-alive to the backend workers.
SetEnv force-proxy-request-1.0 1
SetEnv proxy-nokeepalive 1
</VirtualHost>