Puppet扩展篇5-通过多进程增强master的负载均衡能力(nginx+mongrel)
# vim nginx.confuser nginx nginx;
worker_processes4;
error_log/var/log/puppet/nginx-puppet.log notice;
pid /var/run/nginx.pid;
events {
worker_connections1024;
}
http {
default_type application/octet-stream;
sendfile on;
tcp_nopush on;
keepalive_timeout65;
tcp_nodelay on;
large_client_header_buffers 16 4k;
proxy_buffers 128 4k;
upstream puppetmaster {
server 127.0.0.1:18140;
server 127.0.0.1:18141;
server 127.0.0.1:18142;
server 127.0.0.1:18143;
}
server {
listen 8140;
root /etc/puppet;
ssl on;
ssl_session_timeout 5m;
ssl_certificate /var/lib/puppet/ssl/certs/puppetserver.kisspuppet.com.pem;
ssl_certificate_key /var/lib/puppet/ssl/private_keys/puppetserver.kisspuppet.com.pem;
ssl_client_certificate/var/lib/puppet/ssl/ca/ca_crt.pem;
ssl_crl /var/lib/puppet/ssl/ca/ca_crl.pem;
ssl_ciphers SSLv2:-LOW:-EXPORT:RC4+RSA;
ssl_verify_client optional;
location / {
proxy_pass http://puppetmaster;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Client-Verify $ssl_client_verify;
proxy_set_header X-Client-DN $ssl_client_s_dn;
proxy_set_header X-SSL-Subject $ssl_client_s_dn;
proxy_set_header X-SSL-Issuer $ssl_client_i_dn;
proxy_read_timeout65;
}
}
}
页:
[1]