PidFile /var/run/apache2-puppetmaster.pid

# Include module configuration:

LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
LoadModule headers_module modules/mod_headers.so
LoadModule ssl_module modules/mod_ssl.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule log_config_module modules/mod_log_config.so

User puppet
Group puppet

ErrorLog /var/puppet/log/puppetmaster-error.log

Listen 8140

ProxyRequests Off

<Proxy balancer://puppetmaster>
    BalancerMember http://127.0.0.1:18140
    BalancerMember http://127.0.0.1:18141
    BalancerMember http://127.0.0.1:18142
    BalancerMember http://127.0.0.1:18143
    BalancerMember http://127.0.0.1:18144
</Proxy>

<VirtualHost *:8140>
    SSLEngine on
    SSLCipherSuite SSLv2:-LOW:-EXPORT:RC4+RSA
    SSLCertificateFile /etc/puppet/ssl/certs/<%= fqdn %>.pem
    SSLCertificateKeyFile /etc/puppet/ssl/private_keys/<%= fqdn %>.pem
    SSLCertificateChainFile /etc/puppet/ssl/ca/ca_crt.pem
    SSLCACertificateFile /etc/puppet/ssl/ca/ca_crt.pem
    ###
    # Certificate revocation largely busted in new ruby..
    ###
    # SSLCARevocationFile /etc/puppet/ssl/ca/ca_crl.pem
    SSLVerifyClient optional
    SSLVerifyDepth  1
    SSLOptions +StdEnvVars

    RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
    RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e

    <Location />
       SetHandler balancer-manager
       Order allow,deny
       Allow from all
    </Location>

    ProxyPass / balancer://puppetmaster:8140/
    ProxyPassReverse / balancer://puppetmaster:8140/
    ProxyPreserveHost on

    LogLevel info
    ErrorLog /var/puppet/log/puppetmaster-error.log
    CustomLog /var/puppet/log/puppetmaster-access.log combined

</VirtualHost>