@denji
Forked from srinivasmohan/chefsvr-nginx-ssl.conf
Created June 15, 2013 21:39
### Nginx config to make the Chef server's WebGUI (localhost:4040) and
### REST API (localhost:4000) both available over SSL in the same vhost.
# If your SSL certificate requires a CA cert bundle, then you may also need to install/symlink a copy of the
# bundle pem in folder /etc/ssl/certs/ and run "c_rehash /etc/ssl/certs/" on the machines that
# need to access these SSL endpoints.
# This is typically needed for RapidSSL/Geotrust issued SSL certificates, YMMV.

# I have these upstreams in the main nginx.conf:
# web UI
upstream chef_webui {
    server 127.0.0.1:4040;
}
# local chef server (REST API)
upstream chef_api_local {
    server 127.0.0.1:4000;
}

# And the ssl vhost config uses these upstreams.
server {
    listen 443 default_server ssl;
    ssl_certificate /etc/myssl/mydomain_com_ee.crt;
    ssl_certificate_key /etc/myssl/mydomain.com.key;
    # Optionally include CA cert bundle. Note: ssl_client_certificate is the CA list nginx uses to verify
    # client certificates; a chain bundle for the server certificate is appended to the ssl_certificate file.
    #ssl_client_certificate /etc/myssl/RapidSSL_CA_bundle.pem;
    keepalive_timeout 60;
    root /usr/share/nginx/www;
    index index.php index.html index.htm;
    # Hostname this vhost answers to
    server_name mychefsvr.domain.com;
    access_log /var/log/nginx/chef-access.log;
    error_log /var/log/nginx/chef-error.log;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto https;

    location / {
        # API: requests carrying an X-Ops-Timestamp header go to the REST API
        if ( $http_x_ops_timestamp != "" ) {
            proxy_pass http://chef_api_local;
            break;
        }
        # GUI: everything else goes to the WebUI
        proxy_pass http://chef_webui;
    }

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    location ~ /\.ht {
        deny all;
    }
}
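
The same header-based routing can be written with a `map` instead of an `if` inside `location`. The block below is an added example, not part of the original gist; the `$chef_backend` variable and the `chef_route` log format are names assumed here. `X-Ops-Timestamp` is supplied by the client, so this only chooses a backend and is not an access check; the log format records which backend each request reached so the routing can be audited.

```nginx
# Added example, not part of the original gist. Place in the http {} context.
upstream chef_webui     { server 127.0.0.1:4040; }
upstream chef_api_local { server 127.0.0.1:4000; }

# Same rule as the gist's "if": an empty or absent X-Ops-Timestamp header
# selects the WebUI, any other value selects the REST API.
map $http_x_ops_timestamp $chef_backend {
    ""      chef_webui;
    default chef_api_local;
}

# Assumed format name (chef_route): logs the backend chosen for each request.
log_format chef_route '$remote_addr [$time_local] "$request" $status '
                      'backend=$chef_backend upstream=$upstream_addr';

server {
    listen 443 default_server ssl;
    server_name mychefsvr.domain.com;

    ssl_certificate     /etc/myssl/mydomain_com_ee.crt;
    ssl_certificate_key /etc/myssl/mydomain.com.key;

    access_log /var/log/nginx/chef-access.log chef_route;
    error_log  /var/log/nginx/chef-error.log;

    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto https;

    location / {
        # The variable resolves to one of the upstream group names above,
        # so no resolver directive is needed.
        proxy_pass http://$chef_backend;
    }

    location ~ /\.ht {
        deny all;
    }
}
```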