Optimize Puppet CA using Apache
In puppet.conf, add the following (not needed in recent Puppet versions, 3.5+ or something):
cadir = $ssldir/ca { mode = 775 }
cacert = $cadir/ca_crt.pem { mode = 664 }
csrdir = $cadir/requests { mode = 775 }
signeddir = $cadir/signed { mode = 775 }
In the Apache site configuration, add the following (change /etc/puppet/ssl to your ssldir path):
<IfModule mod_rewrite.c>
    <Directory /etc/puppet/ssl/ca>
        AllowOverride None
        Allow from all
    </Directory>
    RewriteEngine on
    RewriteCond %{THE_REQUEST} ^GET
    RewriteRule ^/\w+/certificate_revocation_list/ca$ /etc/puppet/ssl/ca/ca_crl.pem [L,T=text/plain]
    RewriteCond %{THE_REQUEST} ^GET
    RewriteRule ^/\w+/certificate/ca$ /etc/puppet/ssl/ca/ca_crt.pem [L,T=text/plain]
    RewriteCond %{THE_REQUEST} ^GET
    RewriteRule ^/\w+/certificate/([A-Za-z\d\.-]+)$ /etc/puppet/ssl/ca/signed/$1.pem [L,T=text/plain]
    RewriteCond %{THE_REQUEST} ^GET
    RewriteRule ^/\w+/certificate_request/([A-Za-z\d\.-]+)$ /etc/puppet/ssl/ca/requests/$1.pem [L,T=text/plain]
</IfModule>
Enable mod_rewrite in Apache and restart it.
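
The four rewrite rules above, emulated in Python as an added example (not part of the original gist), to check which request lines Apache answers from disk and which are still left to the Puppet master. The request lines and hostnames are constructed samples, resolve() is a hypothetical helper, and Apache's URL decoding is not modelled.

```python
import re

SSLDIR = "/etc/puppet/ssl"  # example ssldir from the page; change to yours

# Patterns and targets copied from the four RewriteRule lines.
RULES = [
    (r"^/\w+/certificate_revocation_list/ca$", "{ssl}/ca/ca_crl.pem"),
    (r"^/\w+/certificate/ca$", "{ssl}/ca/ca_crt.pem"),
    (r"^/\w+/certificate/([A-Za-z\d\.-]+)$", "{ssl}/ca/signed/{name}.pem"),
    (r"^/\w+/certificate_request/([A-Za-z\d\.-]+)$", "{ssl}/ca/requests/{name}.pem"),
]

def resolve(request_line, ssldir=SSLDIR):
    """Return the file Apache would serve, or None when no rule applies
    and the request is left for the Puppet master."""
    # RewriteCond %{THE_REQUEST} ^GET: the raw request line must start with GET.
    if not request_line.startswith("GET"):
        return None
    parts = request_line.split()
    if len(parts) < 2:
        return None
    # Simplification: RewriteRule sees the URL path without the query string;
    # this sketch does not URL-decode the path the way Apache does.
    path = parts[1].split("?", 1)[0]
    for pattern, target in RULES:  # first match wins, as with the [L] flag
        m = re.search(pattern, path, re.ASCII)  # re.ASCII: \w and \d as in PCRE
        if m:
            name = m.group(1) if m.groups() else ""
            return target.format(ssl=ssldir, name=name)
    return None

# Constructed sample request lines (not captured traffic).
SAMPLES = [
    "GET /production/certificate/ca HTTP/1.1",                         # CA cert
    "GET /production/certificate_revocation_list/ca HTTP/1.1",         # CRL
    "GET /production/certificate/web01.example.com HTTP/1.1",          # signed cert
    "GET /production/certificate_request/web01.example.com HTTP/1.1",  # pending CSR
    "PUT /production/certificate_request/web01.example.com HTTP/1.1",  # not a GET
    "GET /production/certificate/web_01 HTTP/1.1",     # "_" is outside the name class
    "GET /production/certificate/sub/web01 HTTP/1.1",  # "/" is outside the name class
    "GET /production/catalog/web01.example.com HTTP/1.1",  # not a CA endpoint
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(f"{line!r:70} -> {resolve(line) or 'left to the Puppet master'}")
```

Because the name class excludes "/", every rewritten target stays directly inside signed/ or requests/; the name "ca" is taken by the second rule, so a node certificate named "ca" would never be served by the third.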