summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSilvio Rhatto <rhatto@riseup.net>2010-02-18 18:11:34 -0200
committerSilvio Rhatto <rhatto@riseup.net>2010-02-18 18:11:34 -0200
commitb7b76378f0db8ba5e8d0a41cc4f5bd08935456c2 (patch)
tree25fd679caac40998aea5b5e44f866b119edd549a
parent790a04513c64385866d5a9fa29aaa31bb501220c (diff)
downloadpuppet-nginx-b7b76378f0db8ba5e8d0a41cc4f5bd08935456c2.tar.gz
puppet-nginx-b7b76378f0db8ba5e8d0a41cc4f5bd08935456c2.tar.bz2
Tuning buffers for puppetmaster config
-rw-r--r--templates/puppetmaster.erb82
1 files changed, 42 insertions, 40 deletions
diff --git a/templates/puppetmaster.erb b/templates/puppetmaster.erb
index 3428744..6b3e2a6 100644
--- a/templates/puppetmaster.erb
+++ b/templates/puppetmaster.erb
@@ -4,11 +4,12 @@
# service in Puppet.
server {
- listen <%= ssl_port %>;
- ssl_verify_client on;
- root /var/empty;
- access_log /var/log/nginx/access-<%= ssl_port %>.log;
- rewrite_log on;
+ listen <%= ssl_port %>;
+ ssl_verify_client on;
+ root /var/empty;
+ access_log /var/log/nginx/access-<%= ssl_port %>.log;
+ rewrite_log on;
+ large_client_header_buffers 16 4k;
# Variables
# $ssl_cipher returns the line of those utilized it is cipher for established SSL-connection
@@ -18,46 +19,47 @@ server {
# $ssl_protocol returns the protocol of established SSL-connection
location / {
- proxy_pass http://puppet-production;
- proxy_redirect off;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Client-Verify SUCCESS;
- proxy_set_header X-SSL-Subject $ssl_client_s_dn;
- proxy_set_header X-SSL-Issuer $ssl_client_i_dn;
- proxy_connect_timeout 90;
- proxy_send_timeout 180;
- proxy_read_timeout 180;
- proxy_buffer_size 16k;
- proxy_buffers 8 16k;
- proxy_busy_buffers_size 32k;
- proxy_intercept_errors on;
+ proxy_pass http://puppet-production;
+ proxy_redirect off;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Client-Verify SUCCESS;
+ proxy_set_header X-SSL-Subject $ssl_client_s_dn;
+ proxy_set_header X-SSL-Issuer $ssl_client_i_dn;
+ proxy_connect_timeout 90;
+ proxy_send_timeout 180;
+ proxy_read_timeout 180;
+ proxy_buffer_size 16k;
+ proxy_busy_buffers_size 32k;
+ proxy_intercept_errors on;
+ proxy_buffers 128 4k;
}
}
server {
- listen <%= non_ssl_port %>;
- ssl_verify_client off;
- root /var/empty;
- access_log /var/log/nginx/access-<%= non_ssl_port %>.log;
- rewrite_log on;
+ listen <%= non_ssl_port %>;
+ ssl_verify_client off;
+ root /var/empty;
+ access_log /var/log/nginx/access-<%= non_ssl_port %>.log;
+ rewrite_log on;
+ large_client_header_buffers 16 4k;
location / {
- proxy_pass http://puppet-production;
- proxy_redirect off;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Client-Verify FAILURE;
- proxy_set_header X-SSL-Subject $ssl_client_s_dn;
- proxy_set_header X-SSL-Issuer $ssl_client_i_dn;
- proxy_connect_timeout 90;
- proxy_send_timeout 180;
- proxy_read_timeout 180;
- proxy_buffer_size 16k;
- proxy_buffers 8 16k;
- proxy_busy_buffers_size 32k;
- proxy_intercept_errors on;
+ proxy_pass http://puppet-production;
+ proxy_redirect off;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Client-Verify FAILURE;
+ proxy_set_header X-SSL-Subject $ssl_client_s_dn;
+ proxy_set_header X-SSL-Issuer $ssl_client_i_dn;
+ proxy_connect_timeout 90;
+ proxy_send_timeout 180;
+ proxy_read_timeout 180;
+ proxy_buffer_size 16k;
+ proxy_busy_buffers_size 32k;
+ proxy_intercept_errors on;
+ proxy_buffers 128 4k;
}
}