PassengerStatThrottleRate 120 RailsAutoDetect On ServerName dashboard.internal.net DocumentRoot /usr/share/puppet-dashboard/public/ Options None Order allow,deny allow from all ErrorLog /var/log/httpd/dashboard_error.log LogLevel warn CustomLog /var/log/httpd/dashboard_access.log combined ServerSignature On SSLEngine on SSLProtocol -ALL +SSLv3 +TLSv1 SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP SSLCertificateFile /usr/share/puppet-dashboard/certs/dashboard.cert.pem SSLCertificateKeyFile /usr/share/puppet-dashboard/certs/dashboard.private_key.pem SSLCACertificateFile /usr/share/puppet-dashboard/certs/dashboard.ca_cert.pem # If Apache complains about invalid signatures on the CRL, you can try disabling # CRL checking by commenting the next line, but this is not recommended. #SSLCARevocationFile /usr/share/puppet-dashboard/certs/dashboard.ca_crl.pem SSLVerifyClient optional SSLVerifyDepth 1 SSLOptions +StdEnvVars ServerName dashboard.internal.net DocumentRoot /usr/share/puppet-dashboard/public Options None AllowOverride None #Order allow,deny #Allow from all # Configuration restricts HTTP actions to POST only Order allow,deny # explicitly permit our Puppet Masters Allow from localhost Allow from ... Satisfy any # For node definitions from masters. # Configuration restricts HTTP actions to GET only Order allow,deny # explicitly permit our Puppet Masters Allow from localhost Allow from ... Satisfy any Order deny,allow # explictly permit our Puppet Masters Allow from ... Satisfy any AuthType Basic AuthName "Puppet Dashboard" AuthBasicAuthoritative Off AuthBasicProvider ldap AuthLDAPBindDN "..." AuthLDAPBindPassword password AuthLDAPURL "..." Require ldap-attribute gidNumber=123 # Enable this to require client-side certificates for Dashboard connections #SSLVerifyClient require