+++ /dev/null
-class nginx::puppetmaster inherits nginx::base {
-
- $worker_processes = hiera('puppet::master::worker_processes', 4)
- $puppetmaster_certname = hiera('puppet::master::certname', "puppet.${::domain}")
-
- $worker_connections = 1024
- $ssl_port = 8140
- $non_ssl_port = 8141
- $puppetmaster_servers = [ "127.0.0.1:18140",
- "127.0.0.1:18141",
- "127.0.0.1:18142",
- "127.0.0.1:18143" ]
-
- file { "/etc/nginx/conf.d/puppetmaster.conf":
- content => template("nginx/puppetmaster.conf.erb"),
- owner => "root",
- group => "root",
- mode => 0644,
- ensure => present,
- notify => Service["nginx"],
- }
-
- nginx::base::site { "puppetmaster":
- ensure => present,
- source => 'template',
- require => File['/etc/nginx/conf.d/puppetmaster.conf'],
- }
-
- # We don't want nginx to listen at port 80
- nginx::base::site { "default":
- source => 'none',
- ensure => absent,
- }
-
- File["/etc/nginx/nginx.conf"] {
- content => template("nginx/nginx.conf.puppetmaster.erb"),
- }
-}
-
-class nginx::puppetmaster::disabled inherits nginx::puppetmaster {
- File["/etc/nginx/nginx.conf", "/etc/nginx/conf.d/puppetmaster.conf",
- "/etc/nginx", "/etc/nginx/sites-available", "/etc/nginx/sites-enabled"] {
- ensure => absent,
- force => true,
- }
-
- Service['nginx'] {
- enable => false,
- ensure => stopped,
- }
-
- Nginx::Base::Site['puppetmaster'] {
- ensure => absent,
- }
-
- Package['nginx'] {
- ensure => absent,
- }
-}
+++ /dev/null
-# This configuration file was auto-generated by the Puppet configuration
-# management system. Any changes you make to this file will be overwritten
-# the next time Puppet runs. Please make configuration changes to this
-# service in Puppet.
-
-ssl on;
-ssl_certificate /var/lib/puppetmaster/ssl/certs/<%= puppetmaster_certname %>.pem;
-ssl_certificate_key /var/lib/puppetmaster/ssl/private_keys/<%= puppetmaster_certname %>.pem;
-ssl_client_certificate /var/lib/puppetmaster/ssl/certs/ca.pem;
-ssl_ciphers SSLv2:-LOW:-EXPORT:RC4+RSA;
-ssl_session_cache shared:SSL:8m;
-ssl_session_timeout 5m;
-
-upstream puppet-production {
- <% puppetmaster_servers.each do |upstream| -%>
- server <%= upstream %>;
- <% end -%>
-}
+++ /dev/null
-# This configuration file was auto-generated by the Puppet configuration
-# management system. Any changes you make to this file will be overwritten
-# the next time Puppet runs. Please make configuration changes to this
-# service in Puppet.
-
-server {
- listen <%= scope.lookupvar('nginx::puppetmaster::ssl_port') %>;
- ssl_verify_client on;
- root /var/empty;
- access_log /var/log/nginx/access-<%= scope.lookupvar('nginx::puppetmaster::ssl_port') %>.log;
- rewrite_log on;
- large_client_header_buffers 16 4k;
-
- # Variables
- # $ssl_cipher returns the line of those utilized it is cipher for established SSL-connection
- # $ssl_client_serial returns the series number of client certificate for established SSL-connection
- # $ssl_client_s_dn returns line subject DN of client certificate for established SSL-connection
- # $ssl_client_i_dn returns line issuer DN of client certificate for established SSL-connection
- # $ssl_protocol returns the protocol of established SSL-connection
-
- location / {
- proxy_pass http://puppet-production;
- proxy_redirect off;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Client-Verify SUCCESS;
- proxy_set_header X-SSL-Subject $ssl_client_s_dn;
- proxy_set_header X-SSL-Issuer $ssl_client_i_dn;
- proxy_connect_timeout 90;
- proxy_send_timeout 180;
- proxy_read_timeout 180;
- proxy_buffer_size 16k;
- proxy_busy_buffers_size 32k;
- proxy_intercept_errors on;
- proxy_buffers 128 4k;
- }
-}
-
-server {
- listen <%= scope.lookupvar('nginx::puppetmaster::non_ssl_port') %>;
- ssl_verify_client off;
- root /var/empty;
- access_log /var/log/nginx/access-<%= scope.lookupvar('nginx::puppetmaster::non_ssl_port') %>.log;
- rewrite_log on;
- large_client_header_buffers 16 4k;
-
- location / {
- proxy_pass http://puppet-production;
- proxy_redirect off;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Client-Verify FAILURE;
- proxy_set_header X-SSL-Subject $ssl_client_s_dn;
- proxy_set_header X-SSL-Issuer $ssl_client_i_dn;
- proxy_connect_timeout 90;
- proxy_send_timeout 180;
- proxy_read_timeout 180;
- proxy_buffer_size 16k;
- proxy_busy_buffers_size 32k;
- proxy_intercept_errors on;
- proxy_buffers 128 4k;
- }
-}
projects / puppet-nginx.git / commitdiff