Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #### nginx.conf file
- #### Configuration for Nginx-Passenger in front of Puppet Master 2.7.18
- worker_processes 1;
- error_log /var/log/nginx/error.log warn;
- pid /var/run/nginx.pid;
- events {
- worker_connections 1024;
- }
- http {
- include /opt/nginx/conf/mime.types;
- default_type application/octet-stream;
- log_format main '$remote_addr - $remote_user [$time_local] "$request" '
- '$status $body_bytes_sent "$http_referer" '
- '"$http_user_agent" "$http_x_forwarded_for"';
- access_log /var/log/nginx/access.log main;
- sendfile on;
- tcp_nopush on;
- # KeepAlive
- keepalive_timeout 65;
- tcp_nodelay on;
- # Passenger needed for puppet
- passenger_root /var/lib/gems/1.8/gems/passenger-3.0.13;
- passenger_ruby /usr/bin/ruby;
- passenger_use_global_queue on;
- passenger_max_pool_size 15;
- passenger_pool_idle_time 300;
- server {
- listen 8140 ssl;
- server_name puppet.example.org;
- access_log /var/log/nginx/puppetmaster.access.log;
- error_log /var/log/nginx/puppetmaster.error.log;
- root /etc/puppet/rack/public;
- passenger_enabled on;
- passenger_set_cgi_param HTTP_X_CLIENT_DN $ssl_client_s_dn;
- passenger_set_cgi_param HTTP_X_CLIENT_VERIFY $ssl_client_verify;
- ssl_certificate /var/lib/puppet/ssl/certs/puppet.example.org.pem;
- ssl_certificate_key /var/lib/puppet/ssl/private_keys/puppet.example.org.pem;
- ssl_crl /var/lib/puppet/ssl/ca/ca_crl.pem;
- ssl_client_certificate /var/lib/puppet/ssl/certs/ca.pem;
- ssl_ciphers SSLv2:-LOW:-EXPORT:RC4+RSA;
- ssl_prefer_server_ciphers on;
- ssl_verify_client optional;
- ssl_verify_depth 1;
- ssl_session_cache shared:SSL:128m;
- ssl_session_timeout 5m;
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
