hmc/puppet/conf/puppetmaster.conf.template - ambari - Git at Google

 #/*
 # * Licensed to the Apache Software Foundation (ASF) under one
 # * or more contributor license agreements.  See the NOTICE file
 # * distributed with this work for additional information
 # * regarding copyright ownership.  The ASF licenses this file
 # * to you under the Apache License, Version 2.0 (the
 # * "License"); you may not use this file except in compliance
 # * with the License.  You may obtain a copy of the License at
 # *
 # *     http://www.apache.org/licenses/LICENSE-2.0
 # *
 # * Unless required by applicable law or agreed to in writing, software
 # * distributed under the License is distributed on an "AS IS" BASIS,
 # * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # * See the License for the specific language governing permissions and
 # * limitations under the License.
 # */

 # you probably want to tune these settings
 PassengerHighPerformance on
 PassengerMaxPoolSize 12
 PassengerPoolIdleTime 1500
 # PassengerMaxRequests 1000
 PassengerStatThrottleRate 120
 RackAutoDetect Off
 RailsAutoDetect Off

 Listen 8140

 <VirtualHost *:8140>
         SSLEngine on
         SSLProtocol -ALL +SSLv3 +TLSv1
         SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP

         SSLCertificateFile      /var/lib/puppet/ssl/certs/__TODO_HOSTNAME__.pem
         SSLCertificateKeyFile   /var/lib/puppet/ssl/private_keys/__TODO_HOSTNAME__.pem
         SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem
         SSLCACertificateFile    /var/lib/puppet/ssl/ca/ca_crt.pem
         # If Apache complains about invalid signatures on the CRL, you can try disabling
         # CRL checking by commenting the next line, but this is not recommended.
         SSLCARevocationFile     /var/lib/puppet/ssl/ca/ca_crl.pem
         SSLVerifyClient optional
         SSLVerifyDepth  1
         SSLOptions +StdEnvVars

         RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
         RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
         RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e

         DocumentRoot /etc/puppet/rack/public/
         RackBaseURI /
         <Directory /etc/puppet/rack/>
                 Options None
                 AllowOverride None
                 Order allow,deny
                 allow from all
         </Directory>
 </VirtualHost>
	#/*
	# * Licensed to the Apache Software Foundation (ASF) under one
	# * or more contributor license agreements. See the NOTICE file
	# * distributed with this work for additional information
	# * regarding copyright ownership. The ASF licenses this file
	# * to you under the Apache License, Version 2.0 (the
	# * "License"); you may not use this file except in compliance
	# * with the License. You may obtain a copy of the License at
	# *
	# * http://www.apache.org/licenses/LICENSE-2.0
	# *
	# * Unless required by applicable law or agreed to in writing, software
	# * distributed under the License is distributed on an "AS IS" BASIS,
	# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	# * See the License for the specific language governing permissions and
	# * limitations under the License.
	# */

	# you probably want to tune these settings
	PassengerHighPerformance on
	PassengerMaxPoolSize 12
	PassengerPoolIdleTime 1500
	# PassengerMaxRequests 1000
	PassengerStatThrottleRate 120
	RackAutoDetect Off
	RailsAutoDetect Off

	Listen 8140

	<VirtualHost *:8140>
	SSLEngine on
	SSLProtocol -ALL +SSLv3 +TLSv1
	SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP

	SSLCertificateFile /var/lib/puppet/ssl/certs/__TODO_HOSTNAME__.pem
	SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/__TODO_HOSTNAME__.pem
	SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem
	SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem
	# If Apache complains about invalid signatures on the CRL, you can try disabling
	# CRL checking by commenting the next line, but this is not recommended.
	SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem
	SSLVerifyClient optional
	SSLVerifyDepth 1
	SSLOptions +StdEnvVars

	RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
	RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
	RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e

	DocumentRoot /etc/puppet/rack/public/
	RackBaseURI /
	<Directory /etc/puppet/rack/>
	Options None
	AllowOverride None
	Order allow,deny
	allow from all
	</Directory>
	</VirtualHost>