-
-
Save cbreden/3a733934590bcee2c41e to your computer and use it in GitHub Desktop.
Chef embedded nginx configs 20150128
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
[root@testauto01 ~]# cat /var/opt/chef-server/nginx/etc/nginx.conf | |
user chef_server chef_server; | |
worker_processes 1; | |
error_log /var/log/chef-server/nginx/error.log; | |
daemon off; | |
events { | |
worker_connections 10240; | |
} | |
http { | |
log_format opscode '$remote_addr - $remote_user [$time_local] ' | |
'"$request" $status "$request_time" $body_bytes_sent ' | |
'"$http_referer" "$http_user_agent" "$upstream_addr" "$upstream_status" "$upstream_response_time" "$http_x_chef_version" "$http_x_ops_sign" "$http_x_ops _userid" "$http_x_ops_timestamp" "$http_x_ops_content_hash" $request_length'; | |
sendfile on; | |
tcp_nopush on; | |
tcp_nodelay on; | |
keepalive_timeout 65; | |
gzip on; | |
gzip_http_version 1.0; | |
gzip_comp_level 2; | |
gzip_proxied any; | |
gzip_types text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript application/json; | |
include /opt/chef-server/embedded/conf/mime.types; | |
upstream erchef { | |
server 127.0.0.1:8000; | |
} | |
upstream chef_server_webui { | |
server 127.0.0.1:9462; | |
} | |
upstream bookshelf { | |
server 127.0.0.1:4321; | |
} | |
# external lb config for Chef API | |
proxy_cache_path /var/opt/chef-server/nginx/cache levels=1:2 keys_zone=webui-cache:50m max_size=5000m inactive=600m; | |
proxy_temp_path /var/opt/chef-server/nginx/cache-tmp; | |
# We support three options: serve nothing on non_ssl_port (80), | |
# redirect to https, or actually serve the API. | |
server { | |
listen 80; | |
server_name testauto01.svl.ibm.com; | |
access_log /var/log/chef-server/nginx/rewrite-port-80.log; | |
rewrite ^(.*) https://$server_name:443$1 permanent; | |
} | |
# Chef HTTPS API | |
include /var/opt/chef-server/nginx/etc/chef_https_lb.conf; | |
} | |
[root@testauto01 ~]# cat /var/opt/chef-server/nginx/etc/chef_https_lb.conf | |
server { | |
listen 443; | |
server_name testauto01.svl.ibm.com; | |
access_log /var/log/chef-server/nginx/access.log opscode; | |
ssl on; | |
ssl_certificate /var/opt/chef-server/nginx/ca/testauto01.svl.ibm.com.crt; | |
ssl_certificate_key /var/opt/chef-server/nginx/ca/testauto01.svl.ibm.com.key; | |
ssl_session_timeout 5m; | |
ssl_protocols SSLv3 TLSv1; | |
ssl_ciphers RC4-SHA:RC4-MD5:RC4:RSA:HIGH:MEDIUM:!LOW:!kEDH:!aNULL:!ADH:!eNULL:!EXP:!SSLv2:!SEED:!CAMELLIA:!PSK; | |
ssl_prefer_server_ciphers on; | |
root /var/opt/chef-server/nginx/html; | |
client_max_body_size 250m; | |
proxy_set_header Host $host:$server_port; | |
proxy_set_header X-Real-IP $remote_addr; | |
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
proxy_set_header X-Forwarded-Proto https; | |
proxy_pass_request_headers on; | |
proxy_connect_timeout 1; | |
proxy_send_timeout 300; | |
proxy_read_timeout 300; | |
error_page 404 =404 /404.html; | |
error_page 503 =503 /503.json; | |
#location /nginx_status { | |
#stub_status on; | |
#access_log off; | |
#allow 127.0.0.1; | |
#deny all; | |
#} | |
location /version { | |
types { } | |
default_type text/plain; | |
alias /opt/chef-server/version-manifest.txt; | |
} | |
location /docs { | |
index index.html ; | |
alias /opt/chef-server/docs; | |
} | |
# bookshelf | |
location ~ "/bookshelf/{0,1}.*$" { | |
proxy_pass http://bookshelf; | |
} | |
location ~ "^/(?:stylesheets|javascripts|images|facebox|css|favicon|robots|humans)/{0,1}.*$" { | |
if ($http_x_chef_version ~* "^(\d+\.\d+?)\..+$") { | |
error_page 400 =400 /400-chef_client_manage.json; | |
return 400; | |
} | |
proxy_pass http://chef_server_webui; | |
proxy_pass_request_headers off; | |
proxy_cache webui-cache; | |
proxy_cache_valid 200 302 300m; | |
proxy_cache_valid 404 1m; | |
} | |
location = /_status { | |
proxy_pass http://erchef/_status; | |
} | |
location = /_status/ { | |
proxy_pass http://erchef/_status; | |
} | |
location / { | |
set $my_upstream erchef; | |
if ($http_x_ops_userid = "") { | |
set $my_upstream chef_server_webui; | |
} | |
proxy_redirect http://$my_upstream /; | |
proxy_pass http://$my_upstream; | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment