Puppet nginx+Mongrel安装配置篇
user www www;worker_processes 4;
worker_rlimit_nofile65535;
error_log/var/log/nginx-puppet.log notice;
pid/var/run/nginx-puppet.pid;
events{
useepoll;
worker_connections 32768;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
tcp_nopush on;
keepalive_timeout 300;
tcp_nodelay on;
access_log /var/log/nginx/access.log;
upstream puppetmaster {
server 127.0.0.1:18140;
server 127.0.0.1:18141;
server 127.0.0.1:18142;
server 127.0.0.1:18143;
}
server {
listen 8140;
root /etc/puppet;
access_log/var/log/nginx/puppet-access.log;
ssl on;
ssl_session_timeout 5m;
ssl_certificate /etc/puppet/ssl/certs/puppetser.xxxx.com.pem;
ssl_certificate_key /etc/puppet/ssl/private_keys/puppetser.xxxx.com.pem;
ssl_client_certificate /etc/puppet/ssl/ca/ca_crt.pem;
ssl_crl /etc/puppet/ssl/ca/ca_crl.pem;
ssl_verify_client optional;
# File sections
location /production/file_content/files/{
types { }
default_type application/x-raw;
alias /etc/puppet/manifests/files/;
}
# Modules files sections
location ~/production/file_content/modules/.+/ {
root /etc/puppet/modules;
types { }
default_type application/x-raw;
rewrite^/production/file_content/modules/(.+)/(.+)$ /$1/files/$2 break;
}
# Ask the puppetmaster for everythingelse
location / {
proxy_pass http://puppetmaster;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Client-Verify $ssl_client_verify;
proxy_set_header X-SSL-Subject $ssl_client_s_dn;
proxy_set_header X-SSL-Issuer $ssl_client_i_dn;
proxy_buffer_size 16k;
proxy_buffers 8 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
proxy_read_timeout 65;
}
}
}
页:
[1]