【跟我学Puppet】1.0 Puppet 3.7部署
cat > /usr/local/nginx/conf/nginx.conf <<EOFuser root;
worker_processes 1;
events {
worker_connections 1024;
}
http {
passenger_root /usr/lib/ruby/gems/1.8/gems/passenger-3.0.19;
passenger_ruby /usr/bin/ruby;
passenger_max_pool_size 32;
include mime.types;
default_type application/octet-stream;
log_format main '\$remote_addr - \$remote_user [$time_local] "\$request" '
'\$status"\$http_referer" '
'"\$http_user_agent" "\$http_x_forwarded_for"'
'\$upstream_addr \$upstream_cache_status \$upstream_status';
sendfile on;
keepalive_timeout 65;
include /usr/local/nginx/conf/puppet.conf;
}
EOF
cat > /usr/local/nginx/conf/puppet.conf <<EOF
server {
listen 8140 ssl;
server_name _;
root /etc/puppet/rack/public;
access_log /usr/local/nginx/logs/access-8140.log main;
passenger_enabled on;
passenger_use_global_queue on;
passenger_set_cgi_param HTTP_X_CLIENT_DN \$ssl_client_s_dn;
passenger_set_cgi_param HTTP_X_CLIENT_VERIFY \$ssl_client_verify;
ssl_certificate /var/lib/puppet/ssl/certs/$HOSTNAME.pem;
ssl_certificate_key /var/lib/puppet/ssl/private_keys/$HOSTNAME.pem;
ssl_crl /var/lib/puppet/ssl/ca/ca_crl.pem;
ssl_client_certificate /var/lib/puppet/ssl/certs/ca.pem;
ssl_prefer_server_ciphers on;
ssl_verify_client optional;
ssl_session_cache shared:SSL:128m;
ssl_ciphers SSLv2:-LOW:-EXPORT:RC4+RSA;
ssl_session_timeout 5m;
ssl off;
ssl_verify_depth 1;
}
EOF
页:
[1]