diff options
| author | Mathias Gug <mathias.gug@canonical.com> | 2010-08-19 19:04:05 -0400 |
|---|---|---|
| committer | Mathias Gug <mathias.gug@canonical.com> | 2010-08-19 19:04:05 -0400 |
| commit | 0d2bc3125b48ed5a918ea87150a528df05c56f18 (patch) | |
| tree | de26b8ee11a37d4de83d361e4b0e344e1d64c2af | |
| parent | 36175240d47cc183ec749d09838b6fecdae6d8ab (diff) | |
| download | puppet-0d2bc3125b48ed5a918ea87150a528df05c56f18.tar.gz | |
Update apache2 site example for passenger
Update apache2 site example configuration to be able to automatically
setup apache2 from the puppetmaster-passenger postinst script.
All options that can be defined in a virtual host have been moved to the
virtual host section in order to confine them to the passenger virtual
host.
The default puppetmaster port has also been added as a Listen option.
Ports should be set in /etc/apache2/ports.conf - however this is an
apache2 configuration file and thus cannot be updated by the
puppetmaster-passenger postinst script.
| -rw-r--r-- | ext/rack/files/apache2.conf | 36 |
1 files changed, 20 insertions, 16 deletions
diff --git a/ext/rack/files/apache2.conf b/ext/rack/files/apache2.conf index 381327c9b..2af2964c8 100644 --- a/ext/rack/files/apache2.conf +++ b/ext/rack/files/apache2.conf @@ -1,12 +1,4 @@ - -# you probably want to tune these settings -PassengerHighPerformance on -PassengerMaxPoolSize 12 -PassengerPoolIdleTime 1500 -# PassengerMaxRequests 1000 -PassengerStatThrottleRate 120 -RackAutoDetect Off -RailsAutoDetect Off +# Based on http://projects.puppetlabs.com/projects/1/wiki/Using_Passenger Listen 8140 @@ -15,20 +7,32 @@ Listen 8140 SSLProtocol -ALL +SSLv3 +TLSv1 SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP - SSLCertificateFile /etc/puppet/ssl/certs/squigley.namespace.at.pem - SSLCertificateKeyFile /etc/puppet/ssl/private_keys/squigley.namespace.at.pem - SSLCertificateChainFile /etc/puppet/ssl/ca/ca_crt.pem - SSLCACertificateFile /etc/puppet/ssl/ca/ca_crt.pem + SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/puppetmaster.example.com.pem + SSLCertificateFile /var/lib/puppet/ssl/certs/puppetmaster.example.com.pem + SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem + SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem # If Apache complains about invalid signatures on the CRL, you can try disabling # CRL checking by commenting the next line, but this is not recommended. - SSLCARevocationFile /etc/puppet/ssl/ca/ca_crl.pem + SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem + # Set to require if this puppetmaster doesn't issue certificates + # to puppet clients. + # NB: this requires SSLCACertificateFile to include the CA cert + # issuing puppet client certificate. SSLVerifyClient optional SSLVerifyDepth 1 SSLOptions +StdEnvVars - DocumentRoot /etc/puppet/rack/public/ + # Passenger options that can be set in a virtual host + # configuration block. + PassengerHighPerformance on + PassengerStatThrottleRate 120 + PassengerUseGlobalQueue on + RackAutoDetect Off + RailsAutoDetect Off RackBaseURI / - <Directory /etc/puppet/rack/> + + DocumentRoot /usr/share/puppet/rack/puppetmasterd/public + <Directory /usr/share/puppet/rack/puppetmasterd/> Options None AllowOverride None Order allow,deny |