Hey Felix,

> thanks, but those aren't the important ones I'm afraid. There should be
> a vhost to bind port 8140. If there is not, please check carefully which
> process is actually listening on that port. (If it's Ruby, I have bad
> news and good news :-)


Whoops! OK I get you now. Here's the vhost that binds to 8140:

# ************************************
# Vhost template in module puppetlabs-apache
# Managed by Puppet
# ************************************

<VirtualHost *:8140>
  ServerName puppet

  ## Vhost docroot
  DocumentRoot "/etc/puppet/rack/public/"

  ## Directories, there should at least be a declaration for /etc/puppet/rack/public/

  <Directory "/etc/puppet/rack/public/">
    AllowOverride None
    Require all granted
    PassengerEnabled On
  </Directory>

  ## Load additional static includes

  ## Logging
  ErrorLog "/var/log/httpd/puppet_error_ssl.log"
  ServerSignature Off
  CustomLog "/var/log/httpd/puppet_access_ssl.log" combined

  ## SSL directives
  SSLEngine on
  SSLCertificateFile      "/var/lib/puppet/ssl/certs/puppet.example.com.pem"
  SSLCertificateKeyFile   "/var/lib/puppet/ssl/private_keys/puppet.example.com.pem"
  SSLCertificateChainFile "/var/lib/puppet/ssl/ca/ca_crt.pem"
  SSLCACertificatePath    "/etc/pki/tls/certs"
  SSLCACertificateFile    "/var/lib/puppet/ssl/ca/ca_crt.pem"
  SSLCARevocationFile     "/var/lib/puppet/ssl/ca/ca_crl.pem"
  SSLProtocol             ALL -SSLv2 -SSLv3
  SSLCipherSuite          EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
  SSLHonorCipherOrder     on
  SSLVerifyClient         optional
  SSLVerifyDepth          1
  SSLOptions +StdEnvVars +ExportCertData

  ## Request header rules
  ## as per http://httpd.apache.org/docs/2.2/mod/mod_headers.html#requestheader
  RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
  RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
  RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e
  RequestHeader unset X-Forwarded-For

  ## Custom fragment
</VirtualHost>


And it looks like only apache is listening on port 8140:


[root@puppet:/etc/httpd/conf.d] #lsof -i :8140
COMMAND   PID   USER   FD   TYPE  DEVICE SIZE/OFF NODE NAME
httpd    1144   root    5u  IPv4   17778      0t0  TCP *:8140 (LISTEN)
httpd    1643 apache    5u  IPv4   17778      0t0  TCP *:8140 (LISTEN)
httpd    1643 apache   17u  IPv4 3341375      0t0  TCP puppet.example.com:8140->nfs1.example.com:35940 (ESTABLISHED)
httpd    9548 apache    5u  IPv4   17778      0t0  TCP *:8140 (LISTEN)
httpd    9587 apache    5u  IPv4   17778      0t0  TCP *:8140 (LISTEN)
httpd    9934 apache    5u  IPv4   17778      0t0  TCP *:8140 (LISTEN)
httpd    9997 apache    5u  IPv4   17778      0t0  TCP *:8140 (LISTEN)
httpd   10398 apache    5u  IPv4   17778      0t0  TCP *:8140 (LISTEN)
httpd   10398 apache   17u  IPv4 3341633      0t0  TCP puppet.example.com:8140->ec2-54-174-216-240.compute-1.amazonaws.com:53957 (ESTABLISHED)
httpd   10955 apache    5u  IPv4   17778      0t0  TCP *:8140 (LISTEN)
httpd   16186 apache    5u  IPv4   17778      0t0  TCP *:8140 (LISTEN)
httpd   16188 apache    5u  IPv4   17778      0t0  TCP *:8140 (LISTEN)
httpd   16189 apache    5u  IPv4   17778      0t0  TCP *:8140 (LISTEN)
httpd   16189 apache   17u  IPv4 3341683      0t0  TCP puppet.example.com:8140->ec2-52-5-117-61.compute-1.amazonaws.com:51054 (ESTABLISHED)
httpd   17444 apache    5u  IPv4   17778      0t0  TCP *:8140 (LISTEN)
httpd   18372 apache    5u  IPv4   17778      0t0  TCP *:8140 (LISTEN)
httpd   18372 apache   17u  IPv4 3341585      0t0  TCP puppet.example.com:8140->varnish2.example.com:41184 (ESTABLISHED)
httpd   19116 apache    5u  IPv4   17778      0t0  TCP *:8140 (LISTEN)
httpd   19116 apache   17u  IPv4 3341603      0t0  TCP puppet.example.com:8140->ec2-54-173-242-112.compute-1.amazonaws.com:38536 (ESTABLISHED)
httpd   20462 apache    5u  IPv4   17778      0t0  TCP *:8140 (LISTEN)
httpd   21680 apache    5u  IPv4   17778      0t0  TCP *:8140 (LISTEN)
httpd   21680 apache   17u  IPv4 3341090      0t0  TCP puppet.example.com:8140->web1.example.com:50509 (ESTABLISHED)
httpd   23953 apache    5u  IPv4   17778      0t0  TCP *:8140 (LISTEN)
httpd   23955 apache    5u  IPv4   17778      0t0  TCP *:8140 (LISTEN)
httpd   23956 apache    5u  IPv4   17778      0t0  TCP *:8140 (LISTEN)
httpd   23956 apache   17u  IPv4 3341270      0t0  TCP puppet.example.com:8140->ec2-52-4-204-96.compute-1.amazonaws.com:48068 (ESTABLISHED)
httpd   29450 apache    5u  IPv4   17778      0t0  TCP *:8140 (LISTEN)
httpd   29450 apache   17u  IPv4 3341677      0t0  TCP puppet.example.com:8140->ec2-52-5-152-109.compute-1.amazonaws.com:56020 (ESTABLISHED)
httpd   31405 apache    5u  IPv4   17778      0t0  TCP *:8140 (LISTEN)


I hope that helps! And let me know if I can provide anything else that
could help track down the issue.

Thanks!
Tim

On Fri, Jul 17, 2015 at 4:40 PM, Felix Frank <
[email protected]> wrote:

> On 07/17/2015 10:37 PM, Tim Dunphy wrote:
> >
> > Hi Felix,
> >
> >  Thanks for getting back to me! And yes, you are correct.
> > Puppet/Foreman is running through apache/passenger.
> >
> > And here's the vhost configurations. There's two of them, one for ssl
> > and one for non ssl. Non ssl is first:
> >
>
> Hi Tim,
>
> thanks, but those aren't the important ones I'm afraid. There should be
> a vhost to bind port 8140. If there is not, please check carefully which
> process is actually listening on that port. (If it's Ruby, I have bad
> news and good news :-)
>
> Best,
> Felix
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/55A96854.60500%40Alumni.TU-Berlin.de
> .
> For more options, visit https://groups.google.com/d/optout.
>



-- 
GPG me!!

gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
