Wrap text
|
|
PidFile /var/run/apache2-puppetmaster.pid
# Include module configuration:
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
LoadModule headers_module modules/mod_headers.so
LoadModule ssl_module modules/mod_ssl.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule log_config_module modules/mod_log_config.so
User puppet
Group puppet
ErrorLog /var/puppet/log/puppetmaster-error.log
Listen 8140
ProxyRequests Off
BalancerMember http://127.0.0.1:18140
BalancerMember http://127.0.0.1:18141
BalancerMember http://127.0.0.1:18142
BalancerMember http://127.0.0.1:18143
BalancerMember http://127.0.0.1:18144
SSLEngine on
SSLCipherSuite SSLv2:-LOW:-EXPORT:RC4+RSA
SSLCertificateFile /etc/puppet/ssl/certs/<%= fqdn %>.pem
SSLCertificateKeyFile /etc/puppet/ssl/private_keys/<%= fqdn %>.pem
SSLCertificateChainFile /etc/puppet/ssl/ca/ca_crt.pem
SSLCACertificateFile /etc/puppet/ssl/ca/ca_crt.pem
###
# Certificate revocation largely busted in new ruby..
###
# SSLCARevocationFile /etc/puppet/ssl/ca/ca_crl.pem
SSLVerifyClient optional
SSLVerifyDepth 1
SSLOptions +StdEnvVars
RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e
SetHandler balancer-manager
Order allow,deny
Allow from all
ProxyPass / balancer://puppetmaster:8140/
ProxyPassReverse / balancer://puppetmaster:8140/
ProxyPreserveHost on
LogLevel info
ErrorLog /var/puppet/log/puppetmaster-error.log
CustomLog /var/puppet/log/puppetmaster-access.log combined
|
Pastie
