blt · January 30, 2012 20:40
diff --git a/default b/default
 # /etc/nginx/sites-enabled/default
 upstream puppet-production {
    server   unix:/var/run/puppet/master.00.sock;
    server   unix:/var/run/puppet/master.01.sock;
    server   unix:/var/run/puppet/master.02.sock;
 }
        
 server {
    listen puppet:8140;
    include conf.d/puppet_ssl.conf;
    include conf.d/puppet_proxy_set_header.conf;
    
    default_type application/x-raw;

    location /production/file_content/ {
        rewrite ^/production/file_content/([^/]+)/(.*) /$1/files/$2;
        break;
        root /etc/puppet/modules/;
    }
    location / {
        proxy_pass http://puppet-production;
    }
 }
diff --git a/puppet_proxy_set_header.conf b/puppet_proxy_set_header.conf
 # /etc/nginx/conf.d/puppet_proxy_set_header.conf 
 proxy_redirect         off; 
 proxy_set_header Host              $host;
 proxy_set_header X-Real-IP         $remote_addr;
 proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
 proxy_set_header    X-Client-Verify  $ssl_client_verify;
 proxy_set_header    X-Client-Verify  SUCCESS;
 proxy_set_header    X-Client-DN $ssl_client_s_dn;
 proxy_set_header    X-SSL-Subject    $ssl_client_s_dn;
 proxy_set_header    X-SSL-Issuer     $ssl_client_i_dn;
diff --git a/puppet_ssl.conf b/puppet_ssl.conf
 # /etc/nginx/conf.d/puppet_ssl.conf

 ssl on; 
 ssl_certificate /var/lib/puppet/ssl/certs/puppet.pem;
 ssl_certificate_key /var/lib/puppet/ssl/private_keys/puppet.pem;
 ssl_ciphers ALL:-ADH:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP;
 ssl_client_certificate  /var/lib/puppet/ssl/ca/ca_crt.pem;
 ssl_verify_client       on;
	# /etc/nginx/sites-enabled/default
	upstream puppet-production {
	server unix:/var/run/puppet/master.00.sock;
	server unix:/var/run/puppet/master.01.sock;
	server unix:/var/run/puppet/master.02.sock;
	}

	server {
	listen puppet:8140;
	include conf.d/puppet_ssl.conf;
	include conf.d/puppet_proxy_set_header.conf;

	default_type application/x-raw;

	location /production/file_content/ {
	rewrite ^/production/file_content/([^/]+)/(.*) /$1/files/$2;
	break;
	root /etc/puppet/modules/;
	}
	location / {
	proxy_pass http://puppet-production;
	}
	}
	# /etc/nginx/conf.d/puppet_proxy_set_header.conf
	proxy_redirect off;
	proxy_set_header Host $host;
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header X-Client-Verify $ssl_client_verify;
	proxy_set_header X-Client-Verify SUCCESS;
	proxy_set_header X-Client-DN $ssl_client_s_dn;
	proxy_set_header X-SSL-Subject $ssl_client_s_dn;
	proxy_set_header X-SSL-Issuer $ssl_client_i_dn;
	# /etc/nginx/conf.d/puppet_ssl.conf

	ssl on;
	ssl_certificate /var/lib/puppet/ssl/certs/puppet.pem;
	ssl_certificate_key /var/lib/puppet/ssl/private_keys/puppet.pem;
	ssl_ciphers ALL:-ADH:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP;
	ssl_client_certificate /var/lib/puppet/ssl/ca/ca_crt.pem;
	ssl_verify_client on;