- puppet with nginx artical link
- important permission,
puppet:puppet puppet_config_dir/rack
- use templates is better for loadbalance, since you don’t need setup host in config, but speed is lower than files
example nginx conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
|
server {
listen 8140 ssl;
server_name $hostname;
access_log /usr/local/nginx/logs/puppet_access.log;
error_log /usr/local/nginx/logs/puppet_error.log;
ssl_certificate /var/lib/puppet/ssl/certs/$hostname.pem;
ssl_certificate_key /var/lib/puppet/ssl/private_keys/$hostname.pem;
ssl_crl /var/lib/puppet/ssl/ca/ca_crl.pem;
ssl_client_certificate /var/lib/puppet/ssl/certs/ca.pem;
ssl_ciphers SSLv2:-LOW:-EXPORT:RC4+RSA;
ssl_prefer_server_ciphers on;
ssl_verify_client optional;
ssl_verify_depth 1;
ssl_session_cache shared:SSL:128m;
ssl_session_timeout 5m;
location / {
root /etc/puppet/rack/public;
passenger_base_uri /;
passenger_enabled on;
passenger_set_cgi_param HTTP_X_CLIENT_DN $ssl_client_s_dn;
passenger_set_cgi_param HTTP_X_CLIENT_VERIFY $ssl_client_verify;
}
}
|