puppet-puppet/templates/server/puppet-vhost.conf.erb @ 7a9857ba
7a9857ba | Greg Sutcliffe | Listen <%= scope.lookupvar("puppet::server::port") %>
|
|
<VirtualHost *:<%= scope.lookupvar("puppet::server::port") %>>
|
|||
96cab9ae | Ohad Levy | ||
SSLEngine on
|
|||
SSLCipherSuite SSLv2:-LOW:-EXPORT:RC4+RSA
|
|||
06bc94b2 | Greg Sutcliffe | SSLCertificateFile <%= scope.lookupvar("puppet::server::ssl_dir") %>/certs/<%= fqdn %>.pem
|
|
SSLCertificateKeyFile <%= scope.lookupvar("puppet::server::ssl_dir") %>/private_keys/<%= fqdn %>.pem
|
|||
<% unless scope.lookupvar("puppet::server::ca") %> -%>
|
|||
SSLCACertificateFile <%= scope.lookupvar("puppet::server::ssl_dir") %>/certs/ca.pem
|
|||
96cab9ae | Ohad Levy | <% else -%>
|
|
06bc94b2 | Greg Sutcliffe | SSLCertificateChainFile <%= scope.lookupvar("puppet::server::ssl_dir") %>/ca/ca_crt.pem
|
|
SSLCACertificateFile <%= scope.lookupvar("puppet::server::ssl_dir") %>/ca/ca_crt.pem
|
|||
96cab9ae | Ohad Levy | # CRL checking should be enabled; if you have problems with Apache complaining about the CRL, disable the next line
|
|
06bc94b2 | Greg Sutcliffe | # SSLCARevocationFile <%= scope.lookupvar("puppet::server::ssl_dir") %>/ca/ca_crl.pem
|
|
96cab9ae | Ohad Levy | <% end -%>
|
|
SSLVerifyClient optional
|
|||
SSLVerifyDepth 1
|
|||
SSLOptions +StdEnvVars
|
|||
# The following client headers allow the same configuration to work with Pound.
|
|||
RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
|
|||
RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
|
|||
RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e
|
|||
RackAutoDetect On
|
|||
06bc94b2 | Greg Sutcliffe | DocumentRoot <%= scope.lookupvar("puppet::server::app_root") %>/public/
|
|
<Directory <%= scope.lookupvar("puppet::server::app_root") %>>
|
|||
96cab9ae | Ohad Levy | Options None
|
|
AllowOverride None
|
|||
Order allow,deny
|
|||
allow from all
|
|||
</Directory>
|
|||
</VirtualHost>
|