建立一个epel

Vim /etc/yum.repos.d/local.repo配置

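# EPEL repository definition read by yum.
[epel]
name=Red  Hat Enterprise Linux $releasever - $basearch - epel
# NOTE(review): the mirror is fetched over plain HTTP, so package integrity
# rests entirely on the GPG signature check below.
baseurl=http://mirrors.sohu.com/fedora-epel/5Server/$basearch
enabled=1
# Signature verification is enabled so that a tampered mirror or an on-path
# attacker cannot hand yum unsigned packages to install as root.
gpgcheck=1
# Placeholder: replace EPEL_KEY_FILE_PLACEHOLDER with the EPEL signing key
# file obtained from a trusted source. yum refuses to install from this
# repository until a valid key is configured.
gpgkey=file:///etc/pki/rpm-gpg/EPEL_KEY_FILE_PLACEHOLDER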


Yum安装mongrel

#yum  -y install rubygem-mongrel


编辑/etc/init.d/puppetmaster添加以下两行

# One mongrel puppetmaster worker is started per port. The list must match
# the "upstream puppetmaster" servers in nginx.conf (127.0.0.1:18140-18143).
PUPPETMASTER_PORTS=(
    18140
    18141
    18142
    18143
)

# --ssl_client_header makes the puppetmaster take the client identity from a
# request header (nginx.conf sets X-SSL-Subject from $ssl_client_s_dn) rather
# than from a TLS session of its own. Anything that can reach a worker port
# directly can therefore supply that header itself.
# NOTE(review): confirm the workers listen on loopback only, or firewall
# ports 18140-18143, so that nginx is the only client.
PUPPETMASTER_EXTRA_OPTS='--servertype=mongrel  --ssl_client_header=HTTP_X_SSL_SUBJECT'


配置nginx


下载并且安装nginx

# wget  http://nginx.org/download/nginx-xxxx.tar.gz

(注:该地址为明文HTTP下载,解压编译前请先用nginx.org提供的PGP签名文件(.asc)校验源码包)

#tar  zxvf nginx-xxx.tar.gz

#cd  nginx-xxx

#yum  -y install pcre-devel openssl-devel

#  ./configure --with-http_stub_status_module --with-http_ssl_module

#make  && make install


vim /usr/local/nginx/conf/nginx.conf配置

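# nginx front end for a pool of mongrel puppetmaster workers.
# nginx terminates TLS on port 8140, serves static file content from disk,
# and proxies every other request to the workers on loopback.

# Worker processes run as the unprivileged www account.
user www www;
worker_processes 4;
worker_rlimit_nofile 65535;

error_log /var/log/nginx-puppet.log notice;
pid /var/run/nginx-puppet.pid;

events {
    use epoll;
    worker_connections 32768;
}

http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    tcp_nopush on;

    keepalive_timeout 300;
    tcp_nodelay on;
    access_log /var/log/nginx/access.log;

    # Mongrel workers; the ports must match PUPPETMASTER_PORTS in
    # /etc/init.d/puppetmaster.
    upstream puppetmaster {
        server 127.0.0.1:18140;
        server 127.0.0.1:18141;
        server 127.0.0.1:18142;
        server 127.0.0.1:18143;
    }

    server {
        listen 8140;

        # NOTE(review): /etc/puppet also contains ssl/private_keys. Every
        # request is currently caught by a location below, but any location
        # added later that serves from this root would expose that tree.
        root /etc/puppet;

        access_log /var/log/nginx/puppet-access.log;

        # NOTE(review): newer nginx releases replace "ssl on;" with
        # "listen 8140 ssl;" - check the installed version.
        ssl on;
        ssl_session_timeout 5m;
        # NOTE(review): no ssl_protocols / ssl_ciphers are set, so the build's
        # defaults apply; pin them explicitly after checking what the
        # installed nginx and OpenSSL support.
        ssl_certificate /etc/puppet/ssl/certs/puppetser.xxxx.com.pem;
        ssl_certificate_key /etc/puppet/ssl/private_keys/puppetser.xxxx.com.pem;
        ssl_client_certificate /etc/puppet/ssl/ca/ca_crt.pem;
        ssl_crl /etc/puppet/ssl/ca/ca_crl.pem;

        # "optional" completes the handshake even when the client presents no
        # certificate (presumably so new agents can submit their first
        # certificate request), so each location has to decide for itself
        # what to do with $ssl_client_verify.
        ssl_verify_client optional;

        # File sections
        location /production/file_content/files/ {
            # Served straight from disk without consulting the puppetmaster,
            # so require a verified client certificate here.
            if ($ssl_client_verify != SUCCESS) {
                return 403;
            }

            types { }
            default_type application/x-raw;
            alias /etc/puppet/manifests/files/;
        }

        # Modules files sections
        location ~ /production/file_content/modules/.+/ {
            # Same reasoning as above: nginx answers these itself. The check
            # is placed before the rewrite so it is evaluated first.
            if ($ssl_client_verify != SUCCESS) {
                return 403;
            }

            root /etc/puppet/modules;
            types { }
            default_type application/x-raw;
            rewrite ^/production/file_content/modules/(.+)/(.+)$ /$1/files/$2 break;
        }

        # Ask the puppetmaster for everything else
        location / {
            proxy_pass http://puppetmaster;
            proxy_redirect off;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

            # Client-certificate result and DNs as seen by nginx. Setting them
            # here replaces any same-named headers sent by the client, and
            # the puppetmaster relies on them for authentication.
            proxy_set_header X-Client-Verify $ssl_client_verify;
            proxy_set_header X-SSL-Subject $ssl_client_s_dn;
            proxy_set_header X-SSL-Issuer $ssl_client_i_dn;

            proxy_buffer_size 16k;
            proxy_buffers 8 32k;
            proxy_busy_buffers_size 64k;
            proxy_temp_file_write_size 64k;
            proxy_read_timeout 65;
        }
    }
}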


注:如果没有www用户就创建一个(# useradd -s /sbin/nologin www)


重新启动puppetmaster和nginx

#/etc/init.d/puppetmaster  restart

#/usr/local/nginx/sbin/nginx