puppet tips

Kiyor | Created: 03-17-14 05:39:18

---

---

• puppet with nginx artical link
• important permission, puppet:puppet puppet_config_dir/rack
• use templates is better for loadbalance, since you don’t need setup host in config, but speed is lower than files

server {
    listen          8140 ssl;
    server_name     $hostname;

    access_log      /usr/local/nginx/logs/puppet_access.log;
    error_log       /usr/local/nginx/logs/puppet_error.log;

    ssl_certificate             /var/lib/puppet/ssl/certs/$hostname.pem;
    ssl_certificate_key         /var/lib/puppet/ssl/private_keys/$hostname.pem;
    ssl_crl                     /var/lib/puppet/ssl/ca/ca_crl.pem;
    ssl_client_certificate      /var/lib/puppet/ssl/certs/ca.pem;
    ssl_ciphers                 SSLv2:-LOW:-EXPORT:RC4+RSA;
    ssl_prefer_server_ciphers   on;
    ssl_verify_client           optional;
    ssl_verify_depth            1;
    ssl_session_cache           shared:SSL:128m;
    ssl_session_timeout         5m;

    location / {
        root                      /etc/puppet/rack/public;
        passenger_base_uri        /;
        passenger_enabled         on;
        passenger_set_cgi_param   HTTP_X_CLIENT_DN $ssl_client_s_dn;
        passenger_set_cgi_param   HTTP_X_CLIENT_VERIFY $ssl_client_verify;
    }
}

---

---

Recent Post

• opnsense with custom private dns
• NUC Proxmox 外置显卡扩展坞 Windows双系统
• RHEL7 failed to enable service
• context in golang
• golang 1.7 http client trace example
• chef user lost password?
• ocsp server analysis
• 静态网站转半动态网站的经验
• centos ffmpeg
• golang 1.5 坑一枚