nginx bits...
server {
server_name puppet;
listen 8140 default ssl;
client_max_body_size 10M;
passenger_enabled on;
passenger_set_cgi_param HTTP_X_CLIENT_DN $ssl_client_s_dn;
passenger_set_cgi_param HTTP_X_CLIENT_VERIFY $ssl_client_verify;
root /opt/nginx/html/puppet-production/public;
ssl_certificate /etc/puppet/ssl/certs/puppet.pem;
ssl_certificate_key /etc/puppet/ssl/private_keys/puppet.pem;
ssl_crl /etc/puppet/ssl/ca/ca_crl.pem;
ssl_client_certificate /etc/puppet/ssl/certs/ca.pem;
ssl_protocols SSLv3 TLSv1;
ssl_ciphers HIGH:+MEDIUM;
ssl_prefer_server_ciphers on;
ssl_verify_client optional;
ssl_verify_depth 1;
ssl_session_cache shared:SSL:128m;
ssl_session_timeout 5m;
}
passenger bits (config.ru)...
$0 = "puppetmasterd"
require 'puppet'
ARGV << "--rack"
ARGV << "--confdir=/etc/puppet.production"
ARGV << "--vardir=/var/puppet.production"
ARGV << "--reportdir=/var/puppet.production/reports"
ARGV << "--ssldir=/etc/puppet/ssl"
ARGV << "--ssl_client_header=SSL_CLIENT_S_DN"
ARGV << "--ssl_client_verify_header=SSL_CLIENT_VERIFY"
require 'puppet/application/puppetmasterd'
run Puppet::Application[:puppetmasterd].run
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
