<VirtualHost *:8140>
SSLEngine on
SSLProtocol ALL -SSLv2
SSLCipherSuite ALL:!aNULL:!eNULL:!DES:!3DES:!IDEA:!SEED:!DSS:!PSK:!RC4:!MD5:+HIGH:+MEDIUM:!LOW:!SSLv2:!EXP
SSLHonorCipherOrder on
# 修改为SSL实际路径及文件名
SSLCertificateFile /var/lib/puppet/ssl/certs/test.cominggo.com.pem
SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/test.cominggo.com.pem
SSLCertificateChainFile /var/lib/puppet/ssl/certs/ca.pem
SSLCACertificateFile /var/lib/puppet/ssl/certs/ca.pem
# If Apache complains about invalid signatures on the CRL, you can try disabling
# CRL checking by commenting the next line, but this is not recommended.
SSLCARevocationFile /var/lib/puppet/ssl/crl.pem
SSLVerifyClient optional
SSLVerifyDepth 1
# The `ExportCertData` option is needed for agent certificate expiration warnings
SSLOptions +StdEnvVars +ExportCertData
# This header needs to be set if using a loadbalancer or proxy
RequestHeader unset X-Forwarded-For
RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e
DocumentRoot /etc/puppet/rack/public/
RackBaseURI /
<Directory /etc/puppet/rack/>
Options None
AllowOverride None
Order allow,deny
allow from all
</Directory>
## Logging # 设置Puppet访问日志(可选,默认日志为other_vhosts_access.log)
ErrorLog "/var/log/apache2/puppet_error.log"
ServerSignature Off
CustomLog "/var/log/apache2/puppet_access.log" combined
</VirtualHost>
$ cd /etc/apache2/sites-available/
$ sudo a2ensite puppet.conf