Last active
August 29, 2015 14:09
-
-
Save llowder/26ed9d524c34f2cc3adf to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [main] | |
| server = pe-370-master.puppetdebug.vlan | |
| port = 4435 | |
| certificate_name = pe-370-master.puppetdebug.vlan | |
| [root@pe-370-master puppetlabs]# cat puppet/puppetdb.conf | |
| [main] | |
| server = pe-370-master.puppetdebug.vlan | |
| port = 8081 | |
| soft_write_failure = false | |
| [root@pe-370-master puppetlabs]# cat puppet/aut | |
| auth.conf autosign.conf | |
| [root@pe-370-master puppetlabs]# cat puppet/auth.conf | |
| path ~ ^/catalog/([^/]+)$ | |
| method find | |
| auth yes | |
| allow $1 | |
| path ~ ^/node/([^/]+)$ | |
| method find | |
| auth yes | |
| allow $1 | |
| path /certificate_revocation_list/ca | |
| method find | |
| auth yes | |
| allow * | |
| path ~ ^/report/([^/]+)$ | |
| method save | |
| auth yes | |
| allow $1 | |
| path /file | |
| auth yes | |
| allow * | |
| path /certificate/ca | |
| method find | |
| auth any | |
| allow * | |
| path /certificate/ | |
| method find | |
| auth any | |
| allow * | |
| path /certificate_request | |
| method find, save | |
| auth any | |
| allow * | |
| path /v2.0/environments | |
| method find | |
| auth yes | |
| allow * | |
| path /certificate_status | |
| method find, search, save, destroy | |
| auth yes | |
| allow pe-internal-dashboard | |
| path /facts | |
| method find, search | |
| auth any | |
| allow pe-internal-dashboard | |
| path /resource_type | |
| method find, search | |
| auth yes | |
| allow pe-internal-dashboard, pe-internal-classifier | |
| path / | |
| auth any |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Listen 127.0.0.1:4434 | |
| <VirtualHost 127.0.0.1:4434> | |
| Include /etc/puppetlabs/httpd/console_apps.d/console-virtual-host.def | |
| </VirtualHost> | |
| Listen 0.0.0.0:4435 | |
| <VirtualHost 0.0.0.0:4435> | |
| Include /etc/puppetlabs/httpd/console_apps.d/console-virtual-host.def | |
| ServerName pe-370-master.puppetdebug.vlan | |
| # Enables SSL Encryption | |
| SSLEngine on | |
| SSLCipherSuite EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA | |
| SSLProtocol ALL -SSLv2 -SSLv3 | |
| SSLCompression off | |
| SSLCertificateFile /opt/puppet/share/puppet-dashboard/certs/pe-370-master.puppetdebug.vlan.cert.pem | |
| SSLCertificateKeyFile /opt/puppet/share/puppet-dashboard/certs/pe-370-master.puppetdebug.vlan.private_key.pem | |
| SSLCertificateChainFile /etc/puppetlabs/puppet/ssl/certs/ca.pem | |
| SSLCACertificateFile /etc/puppetlabs/puppet/ssl/certs/ca.pem | |
| # CRL checking should be enabled; if you have problems with Apache complaining about the CRL, disable the next line | |
| SSLCARevocationFile /etc/puppetlabs/puppet/ssl/crl.pem | |
| SSLVerifyClient require | |
| SSLHonorCipherOrder on | |
| SSLVerifyDepth 1 | |
| SSLOptions +StdEnvVars +ExportCertData | |
| RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e | |
| RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e | |
| RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e | |
| </VirtualHost> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Listen 0.0.0.0:443 | |
| <VirtualHost 0.0.0.0:443> | |
| # Enables SSL Encryption | |
| SSLEngine on | |
| SSLCipherSuite EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA | |
| SSLProtocol ALL -SSLv2 -SSLv3 | |
| SSLCompression off | |
| SSLCertificateFile /opt/puppet/share/console-services/certs/pe-370-master.puppetdebug.vlan.cert.pem | |
| SSLCertificateKeyFile /opt/puppet/share/console-services/certs/pe-370-master.puppetdebug.vlan.private_key.pem | |
| SSLCertificateChainFile /etc/puppetlabs/puppet/ssl/certs/ca.pem | |
| SSLCACertificateFile /etc/puppetlabs/puppet/ssl/certs/ca.pem | |
| # CRL checking should be enabled; if you have problems with Apache complaining about the CRL, disable the next line | |
| SSLCARevocationFile /etc/puppetlabs/puppet/ssl/crl.pem | |
| SSLVerifyClient none | |
| SSLHonorCipherOrder on | |
| SSLVerifyDepth 1 | |
| SSLOptions +StdEnvVars +ExportCertData | |
| RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e | |
| RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e | |
| RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e | |
| ProxyPass / http://127.0.0.1:4430/ | |
| ProxyPassReverse / http://127.0.0.1:4430/ | |
| DefaultType None | |
| </VirtualHost> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment