tmakinen/puppet
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Added support for puppetmaster on OpenBSD using nxing and passenger

Browse source
This commit is contained in:
Ossi Salmi 2011-11-28 00:58:54 +02:00 committed by Timo Mkinen
parent 0b4d310656
commit 78d6eddb2c
3 changed files with 121 additions and 34 deletions
Download patch file Download diff file Expand all files Collapse all files

22
puppet/templates/puppet-passenger.conf.erb Normal file
View file

@ -0,0 +1,22 @@
server {
server_name puppet;
listen 8140 default ssl;
ssl_certificate <%= puppet_ssldir %>/certs/<%= homename %>.pem;
ssl_certificate_key <%= puppet_ssldir %>/private_keys/<%= homename %>.pem;
ssl_client_certificate <%= puppet_ssldir %>/certs/ca.pem;
ssl_crl <%= puppet_ssldir %>/ca/ca_crl.pem;
ssl_protocols SSLv3 TLSv1;
ssl_ciphers HIGH:+MEDIUM;
ssl_prefer_server_ciphers on;
ssl_verify_client optional;
ssl_verify_depth 1;
ssl_session_cache shared:SSL:8m;
ssl_session_timeout 5m;
passenger_enabled on;
rails_env production;
root /var/nginx/puppet/public;
passenger_set_cgi_param HTTP_X_CLIENT_DN $ssl_client_s_dn;
passenger_set_cgi_param HTTP_X_CLIENT_VERIFY $ssl_client_verify;
}