# Backend pool of Puppet mongrel processes. The server blocks below terminate
# TLS and forward plain HTTP here, so these listeners should stay bound to the
# loopback address: only this proxy is then able to reach them and supply the
# X-Client-Verify / X-SSL-* headers. One "server" line per mongrel you spawn.
upstream puppet {
    server 127.0.0.1:18140;
    server 127.0.0.1:18141;
}
# day-to-day operations
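# Authenticated agent port: every client must present a certificate that
# chains to the Puppet CA before any request reaches the backend.
server {
    listen 8140;
    # "ssl on" is the legacy spelling; newer nginx releases use "listen 8140 ssl;"
    # and recent versions no longer accept "ssl on" at all. Kept for the nginx
    # versions this configuration was written against.
    ssl on;
    ssl_certificate     /var/lib/puppet/ssl/certs/puppet.pem;
    ssl_certificate_key /var/lib/puppet/ssl/private_keys/puppet.pem;
    # CA that signed the agent certificates; this is what ssl_verify_client
    # checks against.
    ssl_client_certificate /var/lib/puppet/ssl/ca/ca_crt.pem;
    # Without ssl_crl a certificate revoked by the Puppet CA is still accepted
    # here. Puppet's default ssldir keeps the CRL beside the CA certificate;
    # enable this once the file exists (nginx refuses to start if the path is
    # missing) -- confirm the path against your puppetmasterd ssldir:
    # ssl_crl /var/lib/puppet/ssl/ca/ca_crl.pem;
    # The original cipher string (SSLv2:-LOW:-EXPORT:RC4+RSA) enabled SSLv2 and
    # RC4 suites, both of which are broken. Restrict to modern TLS and strong
    # suites and let the server pick. Add TLSv1.3 where the nginx/OpenSSL build
    # supports it.
    ssl_protocols TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!eNULL:!MD5:!RC4:!3DES:!EXPORT:!LOW;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:8m;
    ssl_session_timeout 5m;
    # Abort the handshake unless the client certificate verifies; every request
    # proxied from this block therefore comes from a verified agent.
    ssl_verify_client on;
    location / {
        proxy_redirect off;
        # proxy_set_header replaces any client-supplied header of the same name,
        # so a client cannot inject its own identity headers through this port.
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        # Forward nginx's real verification result instead of a hard-coded
        # SUCCESS. With ssl_verify_client on this is always SUCCESS for requests
        # that get this far, but it stays truthful if verification is ever
        # relaxed (e.g. "optional") on this port.
        proxy_set_header X-Client-Verify $ssl_client_verify;
        proxy_set_header X-SSL-Subject $ssl_client_s_dn;
        proxy_set_header X-SSL-Issuer $ssl_client_i_dn;
        proxy_read_timeout 64;
        proxy_pass http://puppet;
    }
}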
# un-authenticated CA port: agents that do not yet hold a signed certificate
# reach the CA here (set --ca_port on your clients to this port)
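server {
    listen 8141;
    # No client certificate is requested on this port, so every request that
    # arrives is unauthenticated. Restrict who can reach it (firewall, or an
    # allow/deny list in this block) to hosts that genuinely need to bootstrap.
    ssl_verify_client off;
    # "ssl on" is the legacy spelling; newer nginx releases use "listen 8141 ssl;"
    # and recent versions no longer accept "ssl on" at all.
    ssl on;
    ssl_certificate     /var/lib/puppet/ssl/certs/puppet.pem;
    ssl_certificate_key /var/lib/puppet/ssl/private_keys/puppet.pem;
    # Unused while ssl_verify_client is off; harmless to keep so the two server
    # blocks stay parallel.
    ssl_client_certificate /var/lib/puppet/ssl/ca/ca_crt.pem;
    # The original cipher string (SSLv2:-LOW:-EXPORT:RC4+RSA) enabled SSLv2 and
    # RC4 suites, both of which are broken. Same hardening as the 8140 block;
    # add TLSv1.3 where the nginx/OpenSSL build supports it.
    ssl_protocols TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!eNULL:!MD5:!RC4:!3DES:!EXPORT:!LOW;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:8m;
    ssl_session_timeout 5m;
    location / {
        proxy_redirect off;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        # Deliberately hard-coded FAILURE rather than $ssl_client_verify: nothing
        # arriving on this port may ever be presented to the backend as a
        # verified agent. The backend must treat X-SSL-Subject / X-SSL-Issuer
        # from this port as unverified client claims.
        proxy_set_header X-Client-Verify FAILURE;
        # Empty here since no certificate is requested, but setting them still
        # matters: proxy_set_header overwrites any same-named header a client
        # sends, so a client cannot smuggle its own X-SSL-* values upstream.
        proxy_set_header X-SSL-Subject $ssl_client_s_dn;
        proxy_set_header X-SSL-Issuer $ssl_client_i_dn;
        proxy_read_timeout 64;
        proxy_pass http://puppet;
    }
}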