Page MenuHomePhabricator
Paste P6555

(An Untitled Masterwork)
ActivePublic
Actions

Authored by Paladox on Jan 6 2018, 5:57 PM.
Tags
None
Referenced Files
F12283932:
Jan 6 2018, 5:57 PM
Subscribers
None
<VirtualHost *:8140>
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite -ALL:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-256-GCM-SHA384:TLS13-AES-128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES128-SHA
SSLHonorCipherOrder On
SSLOpenSSLConfCmd DHParameters "/etc/ssl/dhparam.pem"
SSLCertificateFile /var/lib/puppet/server/ssl/certs/puppet-phabricator.phabricator.eqiad.wmflabs.pem
SSLCertificateKeyFile /var/lib/puppet/server/ssl/private_keys/puppet-phabricator.phabricator.eqiad.wmflabs.pem
SSLCACertificateFile /var/lib/puppet/server/ssl/ca/ca_crt.pem
SSLCertificateChainFile /var/lib/puppet/server/ssl/ca/ca_crt.pem
# If Apache complains about invalid signatures on the CRL, you can try disabling
# CRL checking by commenting the next line, but this is not recommended.
SSLCARevocationPath /var/lib/puppet/server/ssl/crl
SSLVerifyClient optional
SSLVerifyDepth 1
SSLOptions +StdEnvVars
RackBaseURI /
<Location />
Require ip 10.0.0.0/8
</Location>
DocumentRoot /usr/share/puppet/rack/puppet-master/public
<Directory /usr/share/puppet/rack/puppet-master/>
Options None
AllowOverride None
Require all granted
</Directory>
CustomLog /var/log/apache2/puppetmaster.log wmf
</VirtualHost>
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL