diff options
Diffstat (limited to 'templates/puppetmaster.erb')
-rw-r--r-- | templates/puppetmaster.erb | 65 |
1 files changed, 0 insertions, 65 deletions
diff --git a/templates/puppetmaster.erb b/templates/puppetmaster.erb deleted file mode 100644 index b678163..0000000 --- a/templates/puppetmaster.erb +++ /dev/null @@ -1,65 +0,0 @@ -# This configuration file was auto-generated by the Puppet configuration -# management system. Any changes you make to this file will be overwritten -# the next time Puppet runs. Please make configuration changes to this -# service in Puppet. - -server { - listen <%= scope.lookupvar('nginx::puppetmaster::ssl_port') %>; - ssl_verify_client on; - root /var/empty; - access_log /var/log/nginx/access-<%= scope.lookupvar('nginx::puppetmaster::ssl_port') %>.log; - rewrite_log on; - large_client_header_buffers 16 4k; - - # Variables - # $ssl_cipher returns the line of those utilized it is cipher for established SSL-connection - # $ssl_client_serial returns the series number of client certificate for established SSL-connection - # $ssl_client_s_dn returns line subject DN of client certificate for established SSL-connection - # $ssl_client_i_dn returns line issuer DN of client certificate for established SSL-connection - # $ssl_protocol returns the protocol of established SSL-connection - - location / { - proxy_pass http://puppet-production; - proxy_redirect off; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Client-Verify SUCCESS; - proxy_set_header X-SSL-Subject $ssl_client_s_dn; - proxy_set_header X-SSL-Issuer $ssl_client_i_dn; - proxy_connect_timeout 90; - proxy_send_timeout 180; - proxy_read_timeout 180; - proxy_buffer_size 16k; - proxy_busy_buffers_size 32k; - proxy_intercept_errors on; - proxy_buffers 128 4k; - } -} - -server { - listen <%= scope.lookupvar('nginx::puppetmaster::non_ssl_port') %>; - ssl_verify_client off; - root /var/empty; - access_log /var/log/nginx/access-<%= scope.lookupvar('nginx::puppetmaster::non_ssl_port') %>.log; - rewrite_log on; - large_client_header_buffers 16 4k; - - location / { - proxy_pass http://puppet-production; - proxy_redirect off; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Client-Verify FAILURE; - proxy_set_header X-SSL-Subject $ssl_client_s_dn; - proxy_set_header X-SSL-Issuer $ssl_client_i_dn; - proxy_connect_timeout 90; - proxy_send_timeout 180; - proxy_read_timeout 180; - proxy_buffer_size 16k; - proxy_busy_buffers_size 32k; - proxy_intercept_errors on; - proxy_buffers 128 4k; - } -} |