(See PUPPETMASTER AS A RACK APPLICATION:)
apprentice@puppet:~$ sudo service puppetmaster stop
apprentice@puppet:~$ sudo apt-get install puppetmaster-passenger
          Yes, it's that simple.
	  Puppet is behind Apache now.
	  Just don't forget to prevent the puppetmaster from running standalone in /etc/default/puppetmaster:
	  
START=no <snip>
	  Modify /etc/puppet/puppetdb.conf to use localhost:
	  
[main] server = localhost port = 8081
	  ... modify /etc/puppetdb/conf.d/jetty.ini:
	  
[jetty] # Hostname to list for clear-text HTTP. Default is localhost #host = localhost # Port to listen on for clear-text HTTP. port = 8080 ssl-host = host06.servers.mydomain.com ssl-port = 8082 keystore = /etc/puppetdb/ssl/keystore.jks truststore = /etc/puppetdb/ssl/truststore.jks key-password = UY1nVMfZysidmenjmTGtt3Ge8 trust-password = UY1nVMfZysidmenjmTGtt3Ge8
| ![[Note]](include/images/admon/note.png) | Note | 
|---|---|
| That port 8082 is closed by Shorewall. We 're not going to use it. | 
	  Edit /etc/apache2/sites-available/puppetdb-proxy:
	  
Listen 8081
<VirtualHost *:8081>
        ServerName localhost
        SSLEngine on
        SSLCertificateFile /var/lib/puppet/ssl/certs/localhost.pem
        SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/localhost.pem
        ProxyRequests Off
        ProxyPreserveHost On
        ProxyStatus On
        ProxyPass / http://localhost:8080/
        #ProxyPassReverse / http://localhost:8080/
        #ProxyHTMLLogVerbose On
        LogLevel Info
        <Proxy *>
                Order Deny,Allow
                Allow from all
        </Proxy>
</VirtualHost>
	  ... generate puppet certificates for localhost:
apprentice@puppet:~$ sudo puppet cert generate localhost
apprentice@puppet:~$ sudo service puppetdb restart
apprentice@puppet:~$ sudo a2ensite puppetdb-proxy
apprentice@puppet:~$ sudo a2enmod proxy_http
apprentice@some-client:~$  sudo puppet agent --no-daemonize --verbose --waitforcert 10 --no-splay
notice: Starting Puppet client version 2.7.11
info: Caching catalog for some-client.mydomain.com
info: Applying configuration version '1355405046'
notice: Finished catalog run in 0.21 seconds
	  (You 're going to need the passwd that is stored in /etc/puppetdb/conf.d/database.ini
	  
apprentice@puppet:~$ psql -U puppetdb -W puppetdb
Password for user puppetdb: 
psql (9.1.6)
Type "help" for help.
puppetdb=> \d
                  List of relations
 Schema |          Name           | Type  |  Owner   
--------+-------------------------+-------+----------
 public | catalog_resources       | table | puppetdb
 public | catalogs                | table | puppetdb
 public | certname_catalogs       | table | puppetdb
 public | certname_facts          | table | puppetdb
 public | certname_facts_metadata | table | puppetdb
 public | certnames               | table | puppetdb
 public | classes                 | table | puppetdb
 public | edges                   | table | puppetdb
 public | resource_params         | table | puppetdb
 public | schema_migrations       | table | puppetdb
 public | tags                    | table | puppetdb
(11 rows)
puppetdb=> select * from classes;
                 catalog                  |          name          
------------------------------------------+------------------------
 d1cb1e1afdf7ec7b562cf64563d821925a9aabc2 | settings
 d1cb1e1afdf7ec7b562cf64563d821925a9aabc2 | some-client.mydomain.com
 d1cb1e1afdf7ec7b562cf64563d821925a9aabc2 | puppet_agent
(3 rows)