Hey Felix,
thanks, but those aren't the important ones I'm afraid. There should be
> a vhost to bind port 8140. If there is not, please check carefully which
> process is actually listening on that port. (If it's Ruby, I have bad
> news and good news :-)
Whoops! OK I get you now. Here's the vhost that binds to 8140:
# ************************************
# Vhost template in module puppetlabs-apache
# Managed by Puppet
# ************************************
<VirtualHost *:8140>
ServerName puppet
## Vhost docroot
DocumentRoot "/etc/puppet/rack/public/"
## Directories, there should at least be a declaration for
/etc/puppet/rack/public/
<Directory "/etc/puppet/rack/public/">
AllowOverride None
Require all granted
PassengerEnabled On
</Directory>
## Load additional static includes
## Logging
ErrorLog "/var/log/httpd/puppet_error_ssl.log"
ServerSignature Off
CustomLog "/var/log/httpd/puppet_access_ssl.log" combined
## SSL directives
SSLEngine on
SSLCertificateFile "/var/lib/puppet/ssl/certs/puppet.example.com.pem"
SSLCertificateKeyFile
"/var/lib/puppet/ssl/private_keys/puppet.example.com.pem"
SSLCertificateChainFile "/var/lib/puppet/ssl/ca/ca_crt.pem"
SSLCACertificatePath "/etc/pki/tls/certs"
SSLCACertificateFile "/var/lib/puppet/ssl/ca/ca_crt.pem"
SSLCARevocationFile "/var/lib/puppet/ssl/ca/ca_crl.pem"
SSLProtocol ALL -SSLv2 -SSLv3
SSLCipherSuite
EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
SSLHonorCipherOrder on
SSLVerifyClient optional
SSLVerifyDepth 1
SSLOptions +StdEnvVars +ExportCertData
## Request header rules
## as per
http://httpd.apache.org/docs/2.2/mod/mod_headers.html#requestheader
RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e
RequestHeader unset X-Forwarded-For
## Custom fragment
</VirtualHost>
And it looks like only apache is listening on port 8140:
[root@puppet:/etc/httpd/conf.d] #lsof -i :8140
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
httpd 1144 root 5u IPv4 17778 0t0 TCP *:8140 (LISTEN)
httpd 1643 apache 5u IPv4 17778 0t0 TCP *:8140 (LISTEN)
httpd 1643 apache 17u IPv4 3341375 0t0 TCP
puppet.example.com:8140->nfs1.example.com:35940 (ESTABLISHED)
httpd 9548 apache 5u IPv4 17778 0t0 TCP *:8140 (LISTEN)
httpd 9587 apache 5u IPv4 17778 0t0 TCP *:8140 (LISTEN)
httpd 9934 apache 5u IPv4 17778 0t0 TCP *:8140 (LISTEN)
httpd 9997 apache 5u IPv4 17778 0t0 TCP *:8140 (LISTEN)
httpd 10398 apache 5u IPv4 17778 0t0 TCP *:8140 (LISTEN)
httpd 10398 apache 17u IPv4 3341633 0t0 TCP
puppet.example.com:8140->ec2-54-174-216-240.compute-1.amazonaws.com:53957
(ESTABLISHED)
httpd 10955 apache 5u IPv4 17778 0t0 TCP *:8140 (LISTEN)
httpd 16186 apache 5u IPv4 17778 0t0 TCP *:8140 (LISTEN)
httpd 16188 apache 5u IPv4 17778 0t0 TCP *:8140 (LISTEN)
httpd 16189 apache 5u IPv4 17778 0t0 TCP *:8140 (LISTEN)
httpd 16189 apache 17u IPv4 3341683 0t0 TCP
puppet.example.com:8140->ec2-52-5-117-61.compute-1.amazonaws.com:51054
(ESTABLISHED)
httpd 17444 apache 5u IPv4 17778 0t0 TCP *:8140 (LISTEN)
httpd 18372 apache 5u IPv4 17778 0t0 TCP *:8140 (LISTEN)
httpd 18372 apache 17u IPv4 3341585 0t0 TCP
puppet.example.com:8140->varnish2.example.com:41184 (ESTABLISHED)
httpd 19116 apache 5u IPv4 17778 0t0 TCP *:8140 (LISTEN)
httpd 19116 apache 17u IPv4 3341603 0t0 TCP
puppet.example.com:8140->ec2-54-173-242-112.compute-1.amazonaws.com:38536
(ESTABLISHED)
httpd 20462 apache 5u IPv4 17778 0t0 TCP *:8140 (LISTEN)
httpd 21680 apache 5u IPv4 17778 0t0 TCP *:8140 (LISTEN)
httpd 21680 apache 17u IPv4 3341090 0t0 TCP
puppet.example.com:8140->web1.example.com:50509 (ESTABLISHED)
httpd 23953 apache 5u IPv4 17778 0t0 TCP *:8140 (LISTEN)
httpd 23955 apache 5u IPv4 17778 0t0 TCP *:8140 (LISTEN)
httpd 23956 apache 5u IPv4 17778 0t0 TCP *:8140 (LISTEN)
httpd 23956 apache 17u IPv4 3341270 0t0 TCP
puppet.example.com:8140->ec2-52-4-204-96.compute-1.amazonaws.com:48068
(ESTABLISHED)
httpd 29450 apache 5u IPv4 17778 0t0 TCP *:8140 (LISTEN)
httpd 29450 apache 17u IPv4 3341677 0t0 TCP
puppet.example.com:8140->ec2-52-5-152-109.compute-1.amazonaws.com:56020
(ESTABLISHED)
httpd 31405 apache 5u IPv4 17778 0t0 TCP *:8140 (LISTEN)
I hope that helps! And let me know if I can provide anything else that
could help track down the issue.
Thanks!
Tim
On Fri, Jul 17, 2015 at 4:40 PM, Felix Frank <
felix.fr...@alumni.tu-berlin.de> wrote:
> On 07/17/2015 10:37 PM, Tim Dunphy wrote:
> >
> > Hi Felix,
> >
> > Thanks for getting back to me! And yes, you are correct.
> > Puppet/Foreman is running through apache/passenger.
> >
> > And here's the vhost configurations. There's two of them, one for ssl
> > and one for non ssl. Non ssl is first:
> >
>
> Hi Tim,
>
> thanks, but those aren't the important ones I'm afraid. There should be
> a vhost to bind port 8140. If there is not, please check carefully which
> process is actually listening on that port. (If it's Ruby, I have bad
> news and good news :-)
>
> Best,
> Felix
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/55A96854.60500%40Alumni.TU-Berlin.de
> .
> For more options, visit https://groups.google.com/d/optout.
>
--
GPG me!!
gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/CAOZy0ekk-ghcRhWtZGoMXWPTXOxPiVhb%3D-fsh96QVFFH5m4NuA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
