# Pieter de Rijk <pieter@de-rijk.com>
# 2009-12-10
#   - Modified it to use it with RHEL5
#   - Details can be found on http://blog.adslweb.net/

# Jeff McCune <mccune@math.ohio-state.edu>
# 2007-09-14
#
# Minimal Apache Configuration for Apache+Mongrel+Puppetmaster

Listen 8140
User puppet
Group puppet
PidFile /var/run/puppet-balancer.pid
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common

LoadModule proxy_module /usr/lib64/httpd/modules/mod_proxy.so
LoadModule proxy_http_module /usr/lib64/httpd/modules/mod_proxy_http.so
LoadModule proxy_balancer_module /usr/lib64/httpd/modules/mod_proxy_balancer.so
LoadModule headers_module /usr/lib64/httpd/modules/mod_headers.so
LoadModule ssl_module /usr/lib64/httpd/modules/mod_ssl.so
LoadModule authz_host_module /usr/lib64/httpd/modules/mod_authz_host.so
LoadModule log_config_module /usr/lib64/httpd/modules/mod_log_config.so
LoadModule env_module /usr/lib64/httpd/modules/mod_env.so

<Directory />
    Options FollowSymLinks
    AllowOverride None
    Order deny,allow
    Deny from all
</Directory>

<Proxy balancer://puppetmaster>
  BalancerMember http://127.0.0.1:18140 keepalive=on max=2 retry=30
  BalancerMember http://127.0.0.1:18141 keepalive=on max=2 retry=30
  BalancerMember http://127.0.0.1:18142 keepalive=on max=2 retry=30
  BalancerMember http://127.0.0.1:18143 keepalive=on max=2 retry=30
</Proxy>

<VirtualHost *:8140>
    SSLEngine on
    SSLCipherSuite SSLv2:-LOW:-EXPORT:RC4+RSA

    SSLCertificateFile       /var/lib/puppet/ssl/certs/puppet-balancer.pem
    SSLCertificateKeyFile    /var/lib/puppet/ssl/private_keys/puppet-balancer.pem
    SSLCertificateChainFile  /var/lib/puppet/ssl/certs/ca.pem
    SSLCACertificateFile     /var/lib/puppet/ssl/certs/ca.pem

    SSLVerifyClient optional
    SSLVerifyDepth  1
    SSLOptions +StdEnvVars

    RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
    RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
    RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e

    <Location />
        SetHandler balancer-manager
        Order allow,deny
        Allow from all
    </Location>

    ProxyPass / balancer://puppetmaster:8140/ timeout=180
    ProxyPassReverse / balancer://puppetmaster:8140/
    ProxyPreserveHost on
    SetEnv force-proxy-request-1.0 1
    SetEnv proxy-nokeepalive 1

    ErrorLog  /var/log/puppet-balancer/balancer_error.log
    CustomLog /var/log/puppet-balancer/balancer_access.log combined
    CustomLog /var/log/puppet-balancer/balancer_ssl_request.log \
                  "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>