blob: 2af2964c814be39dd23d8d25c90dae683909e36e (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
|
# Based on http://projects.puppetlabs.com/projects/1/wiki/Using_Passenger
Listen 8140
<VirtualHost *:8140>
SSLEngine on
SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/puppetmaster.example.com.pem
SSLCertificateFile /var/lib/puppet/ssl/certs/puppetmaster.example.com.pem
SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem
SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem
# If Apache complains about invalid signatures on the CRL, you can try disabling
# CRL checking by commenting the next line, but this is not recommended.
SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem
# Set to require if this puppetmaster doesn't issue certificates
# to puppet clients.
# NB: this requires SSLCACertificateFile to include the CA cert
# issuing puppet client certificate.
SSLVerifyClient optional
SSLVerifyDepth 1
SSLOptions +StdEnvVars
# Passenger options that can be set in a virtual host
# configuration block.
PassengerHighPerformance on
PassengerStatThrottleRate 120
PassengerUseGlobalQueue on
RackAutoDetect Off
RailsAutoDetect Off
RackBaseURI /
DocumentRoot /usr/share/puppet/rack/puppetmasterd/public
<Directory /usr/share/puppet/rack/puppetmasterd/>
Options None
AllowOverride None
Order allow,deny
allow from all
</Directory>
</VirtualHost>
|
