Puppet - passenger
From ICO wiki
Tarkvara paigaldamine
sudo apt-get install apache2 ruby1.8-dev rubygems
sudo a2enmod ssl
sudo a2enmod headers
sudo service apache2 restart
sudo gem install rack passenger
sudo apt-get install libcurl4-openssl-dev
sudo apt-get install apache2-threaded-dev
sudo apt-get install zlib1g-dev
sudo apt-get install libapr1-dev
sudo apt-get install libaprutil1-dev
sudo apt-get install apache2-threaded-dev
sudo passenger-install-apache2-module
sudo mkdir -p /usr/share/puppet/rack/puppetmasterd
sudo mkdir /usr/share/puppet/rack/puppetmasterd/public /usr/share/puppet/rack/puppetmasterd/tmp
sudo cp /usr/share/puppet/ext/rack/files/config.ru /usr/share/puppet/rack/puppetmasterd/
sudo chown puppet:puppet /usr/share/puppet/rack/puppetmasterd/config.ru
service apache2 restart
Apache konfigureerimine
Loome uue SSL konfi default-ssl baasil
sudo cp /etc/apache2/sites-available/default-ssl /etc/apache2/sites-available/puppet.planet.zz
Faili sisu
<IfModule mod_ssl.c>
LoadModule passenger_module /var/lib/gems/1.8/gems/passenger-4.0.29/buildout/apache2/mod_passenger.so
PassengerRoot /var/lib/gems/1.8/gems/passenger-4.0.29
PassengerDefaultRuby /usr/bin/ruby1.8
# you probably want to tune these settings
PassengerHighPerformance on
PassengerMaxPoolSize 12
PassengerPoolIdleTime 1500
# PassengerMaxRequests 1000
PassengerStatThrottleRate 120
#RackAutoDetect Off
#RailsAutoDetect Off
Listen 8140
<VirtualHost *:8140>
ServerAdmin webmaster@localhost
DocumentRoot /usr/share/puppet/rack/puppetmasterd/public/
RackBaseURI /
<Directory /usr/share/puppet/rack/puppetmasterd/>
Options None
AllowOverride None
Order allow,deny
allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/ssl_error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined
SSLEngine on
SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
SSLCertificateFile /var/lib/puppet/ssl/certs/puppet.planet.zz.pem
SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/puppet.planet.zz.pem
SSLCertificateChainFile /var/lib/puppet/ssl/certs/ca.pem
SSLCACertificateFile /var/lib/puppet/ssl/certs/ca.pem
SSLCARevocationFile /var/lib/puppet/ssl/crl.pem
SSLOptions +StdEnvVars +ExportCertData
SSLVerifyClient optional
SSLVerifyDepth 1
RequestHeader unset X-Forwarded-For
RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e
</VirtualHost>
</IfModule>