arusso · October 24, 2012 16:01
diff --git a/10_passenger.conf b/10_passenger.conf
 # /etc/httpd/conf.d/10_passenger.conf

 # Load  passenger module
 LoadModule passenger_module /usr/lib64/httpd/modules/mod_passenger.so
 PassengerRoot /usr/lib/ruby/gems/1.8/gems/passenger-3.0.12
 PassengerRuby /usr/bin/ruby

 # some recommended settings for puppet
 PassengerHighPerformance  on
 PassengerUseGlobalQueue   on  

 # The number of passenger processes to keep open, ready
 # to serve puppet clients.  Should be 1.5x the core count
 PassengerMaxPoolSize      12  

 # After PassengerMaxRequests, the passenger process is
 # recycled.
 PassengerMaxRequests	  5000  

 # After PassengerPoolIdleTime seconds of idle time, the
 # passenger process is recycled.
 PassengerPoolIdleTime	  1800
diff --git a/20_puppetmaster.conf b/20_puppetmaster.conf
 # /etc/httpd/conf.d/20_puppetmaster.conf

 Listen 8140
 <VirtualHost *:8140>
 SSLEngine on
 SSLProtocol -ALL +SSLv3 +TLSv1
 SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP

 # define our certs (the ones puppetmaster generated)
 SSLCertificateFile	/var/lib/puppet/ssl/certs/$fqdn.pem
 SSLCertificateKeyFile   /var/lib/puppet/ssl/private_keys/$fqdn.pem
 SSLCertificateChainFile /var/lib/puppet/ssl/certs/ca.pem
 SSLCACertificateFile    /var/lib/puppet/ssl/ca/ca_crt.pem

 SSLCARevocationFile     /var/lib/puppet/ssl/ca/ca_crl.pem

 SSLVerifyClient		optional
 SSLVerifyDepth		1
 SSLOptions		+StdEnvVars

 RequestHeader		set	X-SSL-SUBJECT %{SSL_CLIENT_S_DN}e
 RequestHeader		set	X-Client-DN %{SSL_CLIENT_S_DN}e
 RequestHeader		set	X-Client-Verify %{SSL_CLIENT_VERIFY}e

 RackAutoDetect On
 DocumentRoot	/etc/puppet/rack/puppetmaster/public/
 <Directory /etc/puppet/rack/puppetmaster/>
  Options None
  AllowOverride None
  Order  allow,deny
  allow from all
 </Directory>
 </VirtualHost>
diff --git a/passenger.conf b/passenger.conf
 #LoadModule passenger_module modules/mod_passenger.so
 #<IfModule mod_passenger.c>
 #   PassengerRoot /usr/lib/ruby/gems/1.8/gems/passenger-3.0.12
 #   PassengerRuby /usr/bin/ruby
 #   PassengerTempDir /var/run/rubygem-passenger
 #</IfModule>

 # Deploying a Ruby on Rails application: an example

 # Suppose you have a Rails application in /somewhere. Add a virtual host to
 # your Apache configuration file and set its DocumentRoot to /somewhere/public:
 #
 #    <VirtualHost *:80>
 #       ServerName www.yourhost.com
 #       DocumentRoot /somewhere/public    # <-- be sure to point to 'public'!
 #       <Directory /somewhere/public>
 #          AllowOverride all              # <-- relax Apache security settings
 #          Options -MultiViews            # <-- MultiViews must be turned off
 #       </Directory>
 #    </VirtualHost>
	# /etc/httpd/conf.d/10_passenger.conf

	# Load passenger module
	LoadModule passenger_module /usr/lib64/httpd/modules/mod_passenger.so
	PassengerRoot /usr/lib/ruby/gems/1.8/gems/passenger-3.0.12
	PassengerRuby /usr/bin/ruby

	# some recommended settings for puppet
	PassengerHighPerformance on
	PassengerUseGlobalQueue on

	# The number of passenger processes to keep open, ready
	# to serve puppet clients. Should be 1.5x the core count
	PassengerMaxPoolSize 12

	# After PassengerMaxRequests, the passenger process is
	# recycled.
	PassengerMaxRequests 5000

	# After PassengerPoolIdleTime seconds of idle time, the
	# passenger process is recycled.
	PassengerPoolIdleTime 1800
	# /etc/httpd/conf.d/20_puppetmaster.conf

	Listen 8140
	<VirtualHost *:8140>
	SSLEngine on
	SSLProtocol -ALL +SSLv3 +TLSv1
	SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP

	# define our certs (the ones puppetmaster generated)
	SSLCertificateFile /var/lib/puppet/ssl/certs/$fqdn.pem
	SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/$fqdn.pem
	SSLCertificateChainFile /var/lib/puppet/ssl/certs/ca.pem
	SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem

	SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem

	SSLVerifyClient optional
	SSLVerifyDepth 1
	SSLOptions +StdEnvVars

	RequestHeader set X-SSL-SUBJECT %{SSL_CLIENT_S_DN}e
	RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
	RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e

	RackAutoDetect On
	DocumentRoot /etc/puppet/rack/puppetmaster/public/
	<Directory /etc/puppet/rack/puppetmaster/>
	Options None
	AllowOverride None
	Order allow,deny
	allow from all
	</Directory>
	</VirtualHost>
	#LoadModule passenger_module modules/mod_passenger.so
	#<IfModule mod_passenger.c>
	# PassengerRoot /usr/lib/ruby/gems/1.8/gems/passenger-3.0.12
	# PassengerRuby /usr/bin/ruby
	# PassengerTempDir /var/run/rubygem-passenger
	#</IfModule>

	# Deploying a Ruby on Rails application: an example

	# Suppose you have a Rails application in /somewhere. Add a virtual host to
	# your Apache configuration file and set its DocumentRoot to /somewhere/public:
	#
	# <VirtualHost *:80>
	# ServerName www.yourhost.com
	# DocumentRoot /somewhere/public # <-- be sure to point to 'public'!
	# <Directory /somewhere/public>
	# AllowOverride all # <-- relax Apache security settings
	# Options -MultiViews # <-- MultiViews must be turned off
	# </Directory>
	# </VirtualHost>