puppetlabs-puppet/ext/rack
Moses Mendoza 8f84207c12 (#12466) unset X-Forwarded-For header
Without this patch the handling of
X-Forwarded-For headers is insecure in a
default apache conf supplied with puppet.
This patch ensures X-Forwarded-For headers
are dropped.

Signed-off-by: Moses Mendoza <moses@puppetlabs.com>
2012-03-28 11:15:41 -07:00
files (#12466) unset X-Forwarded-For header 2012-03-28 11:15:41 -07:00
README rack: SSL Env vars can only be in Request.env 2009-11-18 17:20:13 +01:00
manifest.pp Removed extra whitespace from end of lines 2009-06-06 09:12:00 +10:00

README

PUPPETMASTER AS A RACK APPLICATION
==================================

puppetmaster can now be hosted as a standard Rack application. A proper
config.ru is provided for this.

For more details about rack, see http://rack.rubyforge.org/ .

Getting started
===============

You'll need rack installed, version 1.0.0. Older versions are known not
to work.


WEBrick
-------

WEBrick is currently not supported as a Rack host. You'll be better off
just running puppetmasterd directly.


Mongrel
-------

If you like Mongrel, and want to replicate wiki:UsingMongrel, you could
probably start your backend mongrels this way:

  cd ext/rack
  for port in `seq 18140 18150`; do
    rackup --server mongrel --port $port &
  done

rackup is part of the rack gem. Make sure it's in your path.



Apache with Passenger (aka mod_rails)
-------------------------------------

Make sure puppetmasterd has run at least once, so that the CA and SSL
certificates have been set up.

Requirements:
  Passenger version 2.2.2 or 2.2.5 or newer***
  Rack version 1.0.0
  Apache 2.x
  SSL Module loaded

An Apache configuration snippet is in files/apache2.conf. You need to
edit it to reflect your servername.

Required puppet.conf settings:
  [puppetmasterd]
    ssl_client_header = SSL_CLIENT_S_DN
    ssl_client_verify_header = SSL_CLIENT_VERIFY

To set up most of the boring stuff, you can use this command:
  puppet --verbose --modulepath ./ext ext/rack/manifest.pp
Or use manifest.pp as a starting point for your own module.

Note: Passenger will not let applications run as root or as the Apache
user. Instead, it does an implicit setuid to the user who owns config.ru.
Therefore, config.ru must be owned by the puppet user.


*** Important note about Passenger versions:
    2.2.2 is known to work.
    2.2.3-2.2.4 are known to *NOT* work.
    2.2.5 works again when used with Puppet 0.25.2+.
    Passenger installation doc: http://www.modrails.com/install.html
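
The commit listed at the top of this page changes files/ so that the
X-Forwarded-For header is unset. The following is an added example, not
part of the Puppet repository: it checks an Apache configuration for that
directive in every VirtualHost block. The function name, the sample
configuration and port 8141 are constructed for illustration.

```ruby
# Added example, not part of the Puppet repository.
# Reports every <VirtualHost> block that does not drop the client-supplied
# X-Forwarded-For header with mod_headers' "RequestHeader unset".
# Scope assumption: only directives inside the block itself are considered,
# and conditional forms (env=...) are treated as not matching.

UNSET_XFF = /\ARequestHeader\s+unset\s+"?X-Forwarded-For"?\z/i

# Returns the addresses of the VirtualHost blocks lacking the directive.
def vhosts_missing_xff_unset(conf_text)
  missing = []
  current = nil       # address of the vhost being read, nil outside one
  has_unset = false

  conf_text.each_line do |raw|
    line = raw.strip
    next if line.empty? || line.start_with?('#')  # skip blanks and comments

    if (m = line.match(/\A<VirtualHost\s+([^>]+)>\z/i))
      current = m[1].strip
      has_unset = false
    elsif line =~ %r{\A</VirtualHost>\z}i
      missing << current if current && !has_unset
      current = nil
    elsif current && line =~ UNSET_XFF
      has_unset = true
    end
  end
  missing
end

# Constructed sample: the first vhost has the directive commented out,
# the second has it active (Apache directive names are case-insensitive).
SAMPLE_CONF = <<~CONF
  <VirtualHost *:8140>
      SSLEngine on
      SSLOptions +StdEnvVars
      # RequestHeader unset X-Forwarded-For
  </VirtualHost>

  <VirtualHost *:8141>
      SSLEngine on
      SSLOptions +StdEnvVars
      requestheader UNSET x-forwarded-for
  </VirtualHost>
CONF

vhosts_missing_xff_unset(SAMPLE_CONF).each do |addr|
  puts "VirtualHost #{addr}: X-Forwarded-For is not unset"
end
```

To check a real file, pass File.read of your edited copy of
files/apache2.conf to vhosts_missing_xff_unset.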