Revision 06bc94b2
Added by Greg Sutcliffe about 12 years ago
templates/server/puppet-vhost.conf.erb | ||
---|---|---|
|
||
SSLEngine on
|
||
SSLCipherSuite SSLv2:-LOW:-EXPORT:RC4+RSA
|
||
SSLCertificateFile <%= scope.lookupvar("puppet::params::ssl_dir") %>/certs/<%= fqdn %>.pem
|
||
SSLCertificateKeyFile <%= scope.lookupvar("puppet::params::ssl_dir") %>/private_keys/<%= fqdn %>.pem
|
||
<% unless scope.lookupvar("puppet::params::ca") %> -%>
|
||
SSLCACertificateFile <%= scope.lookupvar("puppet::params::ssl_dir") %>/certs/ca.pem
|
||
SSLCertificateFile <%= scope.lookupvar("puppet::server::ssl_dir") %>/certs/<%= fqdn %>.pem
|
||
SSLCertificateKeyFile <%= scope.lookupvar("puppet::server::ssl_dir") %>/private_keys/<%= fqdn %>.pem
|
||
<% unless scope.lookupvar("puppet::server::ca") %> -%>
|
||
SSLCACertificateFile <%= scope.lookupvar("puppet::server::ssl_dir") %>/certs/ca.pem
|
||
<% else -%>
|
||
SSLCertificateChainFile <%= scope.lookupvar("puppet::params::ssl_dir") %>/ca/ca_crt.pem
|
||
SSLCACertificateFile <%= scope.lookupvar("puppet::params::ssl_dir") %>/ca/ca_crt.pem
|
||
SSLCertificateChainFile <%= scope.lookupvar("puppet::server::ssl_dir") %>/ca/ca_crt.pem
|
||
SSLCACertificateFile <%= scope.lookupvar("puppet::server::ssl_dir") %>/ca/ca_crt.pem
|
||
# CRL checking should be enabled; if you have problems with Apache complaining about the CRL, disable the next line
|
||
# SSLCARevocationFile <%= scope.lookupvar("puppet::params::ssl_dir") %>/ca/ca_crl.pem
|
||
# SSLCARevocationFile <%= scope.lookupvar("puppet::server::ssl_dir") %>/ca/ca_crl.pem
|
||
<% end -%>
|
||
SSLVerifyClient optional
|
||
SSLVerifyDepth 1
|
||
... | ... | |
RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e
|
||
|
||
RackAutoDetect On
|
||
DocumentRoot <%= scope.lookupvar("puppet::params::app_root") %>/public/
|
||
<Directory <%= scope.lookupvar("puppet::params::app_root") %>>
|
||
DocumentRoot <%= scope.lookupvar("puppet::server::app_root") %>/public/
|
||
<Directory <%= scope.lookupvar("puppet::server::app_root") %>>
|
||
Options None
|
||
AllowOverride None
|
||
Order allow,deny
|
Also available in: Unified diff
Fix parameter names for new parameterized server class