
@cbreden
Created January 28, 2015 19:43
Chef embedded nginx configs 20150128
[root@testauto01 ~]# cat /var/opt/chef-server/nginx/etc/nginx.conf
# Top-level nginx configuration for the Chef Server front end. It defines the
# three loopback upstreams (erchef, chef_server_webui, bookshelf), a port-80
# server that only redirects to HTTPS, and includes the HTTPS server block
# from chef_https_lb.conf.
# NOTE(review): the /var/opt/chef-server path suggests this file is generated
# by the Chef Server packaging; if so, hand edits are likely overwritten on
# reconfigure and changes belong in the server's own settings file -- confirm.

# Worker processes run as the unprivileged chef_server user and group.
user chef_server chef_server;
worker_processes 1;
error_log /var/log/chef-server/nginx/error.log;
# Stay in the foreground (expected when a process supervisor manages nginx).
daemon off;
events {
worker_connections 10240;
}
http {
# Access-log format that records, besides the usual request fields, the
# upstream that served the request and the Chef signing headers
# (X-Chef-Version, X-Ops-Sign, X-Ops-Timestamp, X-Ops-Content-Hash).
# These values are client-supplied and unauthenticated at this layer; treat
# them as untrusted text when parsing or alerting on the log.
# NOTE(review): "$http_x_ops _userid" below contains a space, which looks like
# a line-wrap artifact of the paste. As written, nginx would expand
# $http_x_ops and then log the literal text " _userid", so the X-Ops-UserId
# header would not be recorded -- confirm against the file on disk.
log_format opscode '$remote_addr - $remote_user [$time_local] '
'"$request" $status "$request_time" $body_bytes_sent '
'"$http_referer" "$http_user_agent" "$upstream_addr" "$upstream_status" "$upstream_response_time" "$http_x_chef_version" "$http_x_ops_sign" "$http_x_ops _userid" "$http_x_ops_timestamp" "$http_x_ops_content_hash" $request_length';
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
# gzip is enabled at http level, so the HTTPS server included at the bottom
# of this block inherits it, including for proxied responses
# (gzip_proxied any) and application/json.
# NOTE(review): compressing TLS responses that mix secrets with
# request-influenced content is the precondition for BREACH-style
# compression side channels; whether any response here fits that pattern is
# not visible from this file -- confirm, or disable gzip for such locations.
gzip on;
gzip_http_version 1.0;
gzip_comp_level 2;
gzip_proxied any;
gzip_types text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript application/json;
include /opt/chef-server/embedded/conf/mime.types;
# Backend services. nginx reaches all three over loopback with plain HTTP;
# whether the services themselves also listen on other interfaces is not
# shown here and should be checked on the host.
upstream erchef {
server 127.0.0.1:8000;
}
upstream chef_server_webui {
server 127.0.0.1:9462;
}
upstream bookshelf {
server 127.0.0.1:4321;
}
# external lb config for Chef API
# On-disk cache used by the web UI static-asset location (zone webui-cache).
# The cache and temp directories should be writable only by the nginx worker
# user -- permissions are not shown here.
proxy_cache_path /var/opt/chef-server/nginx/cache levels=1:2 keys_zone=webui-cache:50m max_size=5000m inactive=600m;
proxy_temp_path /var/opt/chef-server/nginx/cache-tmp;
# We support three options: serve nothing on non_ssl_port (80),
# redirect to https, or actually serve the API.
# This instance uses the redirect option. The redirect target is built from
# $server_name (the configured name), not from the client's Host header, so
# a request cannot steer the Location to another host.
# No Strict-Transport-Security header is set anywhere in the configs shown,
# so a browser's first plaintext request is protected only by this redirect.
server {
listen 80;
server_name testauto01.svl.ibm.com;
access_log /var/log/chef-server/nginx/rewrite-port-80.log;
rewrite ^(.*) https://$server_name:443$1 permanent;
}
# Chef HTTPS API
include /var/opt/chef-server/nginx/etc/chef_https_lb.conf;
}
[root@testauto01 ~]# cat /var/opt/chef-server/nginx/etc/chef_https_lb.conf
# HTTPS front end for the Chef Server: terminates TLS on 443 and routes
# requests to bookshelf, the web UI or erchef (upstreams defined in
# nginx.conf, all plain HTTP on loopback).
server {
listen 443;
server_name testauto01.svl.ibm.com;
access_log /var/log/chef-server/nginx/access.log opscode;
ssl on;
ssl_certificate /var/opt/chef-server/nginx/ca/testauto01.svl.ibm.com.crt;
# Private key for the certificate above. It should be readable only by root
# (the nginx master process); file permissions are not shown here -- verify.
ssl_certificate_key /var/opt/chef-server/nginx/ca/testauto01.svl.ibm.com.key;
ssl_session_timeout 5m;
# NOTE(review): SSLv3 is enabled and TLSv1 is the newest protocol offered.
# SSLv3 is broken by the POODLE padding-oracle attack and is deprecated by
# RFC 7568; TLS 1.1/1.2 are not offered at all. Drop SSLv3 and add the newer
# TLS versions once the embedded OpenSSL and the client fleet are confirmed
# to support them.
ssl_protocols SSLv3 TLSv1;
# NOTE(review): RC4 suites are listed first and ssl_prefer_server_ciphers is
# on, so the server picks RC4 whenever the client offers it. RC4 has known
# keystream biases and is prohibited for TLS by RFC 7465. MEDIUM-strength
# suites are also admitted. !kEDH removes DHE key exchange, so any forward
# secrecy depends on ECDHE suites pulled in by HIGH, which in turn depends
# on the OpenSSL build (not shown). RC4-first ordering was presumably a
# BEAST-era choice; it should be replaced with an AEAD/ECDHE-first list.
ssl_ciphers RC4-SHA:RC4-MD5:RC4:RSA:HIGH:MEDIUM:!LOW:!kEDH:!aNULL:!ADH:!eNULL:!EXP:!SSLv2:!SEED:!CAMELLIA:!PSK;
ssl_prefer_server_ciphers on;
root /var/opt/chef-server/nginx/html;
# Allows request bodies up to 250 MB for every location in this server.
client_max_body_size 250m;
# Headers passed to the backends. X-Real-IP is overwritten with the
# connecting address. X-Forwarded-For is appended to whatever the client
# sent ($proxy_add_x_forwarded_for), so backends must only trust the last
# entry, never client-supplied leading entries.
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_pass_request_headers on;
proxy_connect_timeout 1;
proxy_send_timeout 300;
proxy_read_timeout 300;
error_page 404 =404 /404.html;
error_page 503 =503 /503.json;
# Status endpoint is disabled. If it is ever enabled, keep the loopback-only
# allow/deny pair below so connection statistics are not exposed externally.
#location /nginx_status {
#stub_status on;
#access_log off;
#allow 127.0.0.1;
#deny all;
#}
# Serves the installed version manifest as text/plain. No access restriction
# is configured in this location, so any client that can reach port 443 can
# read the exact component versions -- restrict it if that is not intended.
location /version {
types { }
default_type text/plain;
alias /opt/chef-server/version-manifest.txt;
}
location /docs {
index index.html ;
alias /opt/chef-server/docs;
}
# bookshelf
# NOTE(review): this regex has no leading ^, unlike the static-asset regex
# below, so any URI that contains "/bookshelf" anywhere in the path matches
# and is sent to the bookshelf upstream. Confirm that is intended; anchoring
# with ^ would limit it to paths that start with /bookshelf.
location ~ "/bookshelf/{0,1}.*$" {
proxy_pass http://bookshelf;
}
# Web UI static assets, served through the webui-cache zone. Request headers
# are not forwarded (proxy_pass_request_headers off), so cookies and auth
# headers do not reach the backend for these paths.
location ~ "^/(?:stylesheets|javascripts|images|facebox|css|favicon|robots|humans)/{0,1}.*$" {
# Requests carrying an X-Chef-Version header (i.e. sent by a Chef client
# rather than a browser) get a 400 with a JSON body instead of UI assets.
if ($http_x_chef_version ~* "^(\d+\.\d+?)\..+$") {
error_page 400 =400 /400-chef_client_manage.json;
return 400;
}
proxy_pass http://chef_server_webui;
proxy_pass_request_headers off;
proxy_cache webui-cache;
proxy_cache_valid 200 302 300m;
proxy_cache_valid 404 1m;
}
# Health/status endpoint of erchef, proxied without any access restriction
# in this file.
location = /_status {
proxy_pass http://erchef/_status;
}
location = /_status/ {
proxy_pass http://erchef/_status;
}
# Default routing: requests with an X-Ops-UserId header go to erchef (the
# API), everything else goes to the web UI. The header is client-supplied
# and only selects the upstream; it is not authentication, so erchef has to
# verify the request signature itself. $my_upstream is only ever set to one
# of two fixed names here, never to request data, so the proxy target cannot
# be chosen by the client.
location / {
set $my_upstream erchef;
if ($http_x_ops_userid = "") {
set $my_upstream chef_server_webui;
}
proxy_redirect http://$my_upstream /;
proxy_pass http://$my_upstream;
}
}