diff options
-rw-r--r-- | templates/puppetmaster.erb | 82 |
1 files changed, 42 insertions, 40 deletions
diff --git a/templates/puppetmaster.erb b/templates/puppetmaster.erb index 3428744..6b3e2a6 100644 --- a/templates/puppetmaster.erb +++ b/templates/puppetmaster.erb @@ -4,11 +4,12 @@ # service in Puppet. server { - listen <%= ssl_port %>; - ssl_verify_client on; - root /var/empty; - access_log /var/log/nginx/access-<%= ssl_port %>.log; - rewrite_log on; + listen <%= ssl_port %>; + ssl_verify_client on; + root /var/empty; + access_log /var/log/nginx/access-<%= ssl_port %>.log; + rewrite_log on; + large_client_header_buffers 16 4k; # Variables # $ssl_cipher returns the line of those utilized it is cipher for established SSL-connection @@ -18,46 +19,47 @@ server { # $ssl_protocol returns the protocol of established SSL-connection location / { - proxy_pass http://puppet-production; - proxy_redirect off; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Client-Verify SUCCESS; - proxy_set_header X-SSL-Subject $ssl_client_s_dn; - proxy_set_header X-SSL-Issuer $ssl_client_i_dn; - proxy_connect_timeout 90; - proxy_send_timeout 180; - proxy_read_timeout 180; - proxy_buffer_size 16k; - proxy_buffers 8 16k; - proxy_busy_buffers_size 32k; - proxy_intercept_errors on; + proxy_pass http://puppet-production; + proxy_redirect off; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Client-Verify SUCCESS; + proxy_set_header X-SSL-Subject $ssl_client_s_dn; + proxy_set_header X-SSL-Issuer $ssl_client_i_dn; + proxy_connect_timeout 90; + proxy_send_timeout 180; + proxy_read_timeout 180; + proxy_buffer_size 16k; + proxy_busy_buffers_size 32k; + proxy_intercept_errors on; + proxy_buffers 128 4k; } } server { - listen <%= non_ssl_port %>; - ssl_verify_client off; - root /var/empty; - access_log /var/log/nginx/access-<%= non_ssl_port %>.log; - rewrite_log on; + listen <%= non_ssl_port %>; + ssl_verify_client off; + root /var/empty; + access_log /var/log/nginx/access-<%= non_ssl_port %>.log; + rewrite_log on; + large_client_header_buffers 16 4k; location / { - proxy_pass http://puppet-production; - proxy_redirect off; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Client-Verify FAILURE; - proxy_set_header X-SSL-Subject $ssl_client_s_dn; - proxy_set_header X-SSL-Issuer $ssl_client_i_dn; - proxy_connect_timeout 90; - proxy_send_timeout 180; - proxy_read_timeout 180; - proxy_buffer_size 16k; - proxy_buffers 8 16k; - proxy_busy_buffers_size 32k; - proxy_intercept_errors on; + proxy_pass http://puppet-production; + proxy_redirect off; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Client-Verify FAILURE; + proxy_set_header X-SSL-Subject $ssl_client_s_dn; + proxy_set_header X-SSL-Issuer $ssl_client_i_dn; + proxy_connect_timeout 90; + proxy_send_timeout 180; + proxy_read_timeout 180; + proxy_buffer_size 16k; + proxy_busy_buffers_size 32k; + proxy_intercept_errors on; + proxy_buffers 128 4k; } } |