nginx configuration for puppet master
# Worker processes run as the puppet account.
user              puppet;
worker_processes  4;

# Main error log, at "info" verbosity.
error_log  logs/error.log  info;

events {
    # epoll is the Linux event method; each worker accepts up to 1024
    # simultaneous connections.
    worker_connections  1024;
    use                 epoll;
}
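# HTTP context: shared logging/gzip/Passenger settings, a plain-HTTP default
# server on port 80, and the TLS listener on 8140 that fronts the Puppet
# master Rack application.
http {
    include       mime.types;
    default_type  application/octet-stream;

    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
    '$status $body_bytes_sent "$http_referer" '
    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log logs/access.log main;

    sendfile on;
    # Do not advertise the nginx version in responses and error pages.
    server_tokens off;
    keepalive_timeout 120;

    gzip on;
    gzip_http_version 1.1;
    gzip_disable "msie6";
    gzip_vary on;
    gzip_min_length 1100;
    gzip_buffers 64 8k;
    gzip_comp_level 3;
    gzip_proxied any;
    gzip_types text/plain text/css application/x-javascript text/xml application/xml;

    # Passenger required for puppet
    passenger_root /usr/lib/ruby/gems/1.8/gems/passenger-3.0.18;
    passenger_ruby /usr/bin/ruby;
    passenger_max_pool_size 15;

    # Plain-HTTP catch-all server; serves static files from the default
    # "html" directory. Passenger is not enabled here.
    server {
        listen 80;
        server_name _;
        charset utf-8;

        location / {
            root html;
            index index.html index.htm index.php;
        }

        # redirect server error pages to the static page /50x.html
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root html;
        }

        # deny access to .htaccess files, in case Apache's document root
        # coincides with nginx's
        location ~ /\.ht {
            access_log off;
            log_not_found off;
            deny all;
        }

        # Static assets: not logged, cached by clients for two days.
        location ~* \.(jpg|jpeg|gif|png|css|js|ico|xml)$ {
            access_log off;
            log_not_found off;
            expires 2d;
        }
    }

    # Puppet master endpoint: TLS on 8140, handled by the Rack app through
    # Passenger.
    server {
        # "listen ... ssl" already enables TLS for this listener; the separate
        # "ssl on;" directive was redundant and is deprecated, so it is dropped.
        listen 8140 ssl;
        server_name _;

        passenger_enabled on;
        # The result of client-certificate verification is handed to the Rack
        # app in these two variables. Because ssl_verify_client is "optional"
        # below, nginx also accepts connections that present no (or an
        # unverifiable) certificate, so the application's authorization depends
        # on these values being the ones nginx set.
        # NOTE(review): confirm that a client-supplied X-Client-DN or
        # X-Client-Verify request header cannot take precedence over them.
        passenger_set_cgi_param HTTP_X_CLIENT_DN $ssl_client_s_dn;
        passenger_set_cgi_param HTTP_X_CLIENT_VERIFY $ssl_client_verify;
        passenger_min_instances 5;

        access_log logs/puppet_access.log;
        error_log logs/puppet_error.log;
        root /etc/puppet/rack/public;

        # Server certificate and private key; the key file should be readable
        # only by the account that needs it.
        ssl_certificate /var/lib/puppet/ssl/certs/puppet.master.certname.pem;
        ssl_certificate_key /var/lib/puppet/ssl/private_keys/puppet.master.certname.pem;
        # Client certificates are checked against this CA and its CRL. nginx
        # reads the CRL when the configuration is loaded, so a reload is needed
        # after a certificate is revoked.
        ssl_crl /var/lib/puppet/ssl/ca/ca_crl.pem;
        ssl_client_certificate /var/lib/puppet/ssl/certs/ca.pem;

        # SSLv3 is removed: it is broken (POODLE) and must not be offered.
        # TLSv1.1/TLSv1.2 need an nginx/OpenSSL build that supports them; drop
        # TLSv1 and TLSv1.1 as soon as every agent can negotiate TLSv1.2.
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        # The previous cipher string started from ALL and still admitted LOW,
        # 40-bit export and RC4 suites. Restrict to HIGH-strength suites with
        # authentication and encryption; kEDH stays excluded as before.
        ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!LOW:!RC4:!MD5:!kEDH;
        ssl_prefer_server_ciphers on;

        # "optional" requests a client certificate without requiring one.
        ssl_verify_client optional;
        ssl_verify_depth 1;
        ssl_session_cache shared:SSL:128m;
        ssl_session_timeout 5m;
    }

    include conf.d/*.conf;
}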