Для начала нужно включить Mongrel:
vim /etc/sysconfig/puppetmasterТам вносим следующие правки:
PUPPETMASTER_PORTS=(18140, 18141)Ставим сам Mongrel:
PUPPETMASTER_EXTRA_OPTS="--servertype=mongrel"
yum install -y rubygem-mongrel
Перезапускаем:
/etc/init.d/puppetmaster restart
После этого ставим Nginx 1.2 (или старше): http://nginx.org/ru/download.html
В блок http добавляем:
ssl on;ssl_certificate /var/lib/puppet/ssl/certs/config.fastvps.ru.pem;ssl_certificate_key /var/lib/puppet/ssl/private_keys/config.fastvps.ru.pem;ssl_client_certificate /var/lib/puppet/ssl/ca/ca_crt.pem;ssl_ciphers SSLv2:-LOW:-EXPORT:RC4+RSA;ssl_session_cache shared:SSL:8m;
server 127.0.0.1:18141;ssl_session_timeout 5m;upstream puppet-production {server 127.0.0.1:18140;
Также создаем блок server:}
Перезапускаем nginx:server {listen 8140;root /var/empty;access_log /var/log/nginx/access.log;error_log /var/log/nginx/error.log;# allow authenticated and client without certsssl_verify_client optional;# Variables# $ssl_cipher returns the line of those utilized it is cipher for established SSL-connection# $ssl_client_serial returns the series number of client certificate for established SSL-connection# $ssl_client_s_dn returns line subject DN of client certificate for established SSL-connection# $ssl_client_i_dn returns line issuer DN of client certificate for established SSL-connection# $ssl_protocol returns the protocol of established SSL-connectionlocation / {proxy_pass http://puppet-production;proxy_redirect off;proxy_set_header Host $host;proxy_set_header X-Real-IP $remote_addr;proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;proxy_set_header X-Client-Verify $ssl_client_verify;proxy_set_header X-Client-DN $ssl_client_s_dn;proxy_set_header X-SSL-Subject $ssl_client_s_dn;proxy_set_header X-SSL-Issuer $ssl_client_i_dn;proxy_read_timeout 65;}}
/etc/init.d/nginx restartВсе, после этого Pupept должен стать в разы быстрее :)
Источник: http://projects.puppetlabs.com/projects/1/wiki/Using_Mongrel_Nginx
No comments :
Post a Comment
Note: only a member of this blog may post a comment.