@raphink
Last active October 19, 2019 05:21
Puppet Proxy setup for the Puppet Server
<VirtualHost *:8140>
  ServerName puppet-proxy
  ServerAlias puppet-proxy.example.com

  ## SSL directives
  SSLEngine on
  SSLCertificateFile "/etc/puppet/ssl/certs/puppet-proxy.example.com.pem"
  SSLCertificateKeyFile "/etc/puppet/ssl/private_keys/puppet-proxy.example.com.pem"
  SSLCertificateChainFile "/etc/puppet/ssl/ca/ca_crt.pem"
  SSLCACertificatePath "/etc/ssl/certs"
  SSLCACertificateFile "/etc/puppet/ssl/ca/ca_crt.pem"
  SSLCARevocationFile "/etc/puppet/ssl/ca/ca_crl.pem"
  # SSLv3 and TLSv1.0 are deprecated, and the cipher list below still admits RC4 and
  # MEDIUM ciphers; restrict both to current TLS versions and HIGH ciphers where all agents support them
  SSLProtocol -ALL +SSLv3 +TLSv1
  SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
  # Client certificates are optional so that new agents can submit a certificate request
  SSLVerifyClient optional
  SSLVerifyDepth 1
  SSLOptions +StdEnvVars +ExportCertData

  # The key and certificate for puppet-proxy.example.com, concatenated as one PEM file
  SSLProxyMachineCertificateFile /etc/apache2/pm_keys.pem

  # Pass the client's subject DN and verification result to the backends;
  # "set" overwrites any copy of these headers sent by the client
  RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
  RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
  RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e

  # SSLProxyVerify is not set here, so it stays at its default of none
  # and the backends' certificate chains are not validated
  SSLProxyEngine On
  ProxyPreserveHost On

  # ProxyPassMatch rules are checked in order and the first match wins;
  # targets without a $N backreference get the full request URI appended

  # Redirect certificate requests to the local CA
  ProxyPassMatch ^/.*/certificate.*/ http://localhost:8139
  <Location ~ ^/.*/certificate.*/ >
    ProxyPassReverse http://localhost:8139
  </Location>

  # Redirect stable environment requests to the stable Puppet Master
  ProxyPassMatch ^/stable/ https://puppetmaster-stable.example.com:8140
  <Location ~ ^/stable/ >
    ProxyPassReverse https://puppetmaster-stable.example.com:8140
  </Location>

  # Redirect staging environment requests to the staging Puppet Master
  ProxyPassMatch ^/staging/ https://puppetmaster-staging.example.com:8140
  <Location ~ ^/staging/ >
    ProxyPassReverse https://puppetmaster-staging.example.com:8140
  </Location>

  # All other requests go to the dev Puppet Master
  ProxyPassMatch ^/.*/ https://puppetmaster-dev.example.com:8140
  <Location ~ ^/.*/ >
    ProxyPassReverse https://puppetmaster-dev.example.com:8140
  </Location>
</VirtualHost>
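
The routing order above, replayed as an added example (not part of the original gist) to check which backend each request reaches. Python's `re.search` stands in for Apache's unanchored ProxyPassMatch matching, the request paths are constructed and assume the `/{environment}/{indirection}/{key}` URL layout the patterns imply, and `STRICT_CA` is a hypothetical tighter pattern for the CA rule.

```python
import re

# Routing rules in the order they appear in the vhost; first match wins.
# Apache applies each ProxyPassMatch regex as an unanchored search on the URL path.
RULES = [
    (r"^/.*/certificate.*/", "http://localhost:8139"),
    (r"^/stable/", "https://puppetmaster-stable.example.com:8140"),
    (r"^/staging/", "https://puppetmaster-staging.example.com:8140"),
    (r"^/.*/", "https://puppetmaster-dev.example.com:8140"),
]

# Assumed tighter CA rule (not in the original gist): the environment is one
# path segment and the next segment must start with "certificate".
STRICT_CA = r"^/[^/]+/certificate[^/]*/"
STRICT_RULES = [(STRICT_CA, RULES[0][1])] + RULES[1:]


def route(path, rules=RULES):
    """Return the backend for a URL path, or None if no rule matches."""
    for pattern, backend in rules:
        if re.search(pattern, path):
            return backend
    return None


def misrouted(paths):
    """Paths the original rules send elsewhere than the strict rules do."""
    return [p for p in paths if route(p) != route(p, STRICT_RULES)]


# Constructed sample requests in the /{environment}/{indirection}/{key} layout.
SAMPLES = [
    "/stable/certificate/ca",
    "/staging/certificate_request/node1.example.com",
    "/dev/certificate_revocation_list/ca",
    "/stable/catalog/node1.example.com",
    "/staging/file_metadata/modules/ntp/ntp.conf",
    "/stable/file_content/modules/certificates/files/ca.pem",
    "/production/catalog/node1.example.com",
]

if __name__ == "__main__":
    for p in SAMPLES:
        print(f"{p:58} -> {route(p)}")
    print("routed differently by the strict CA rule:", misrouted(SAMPLES))
```

The greedy `.*` in the first rule matches a `/certificate` segment at any depth, so the file request for a module named `certificates` is sent to the CA on port 8139 instead of the stable master.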