-
-
Save denji/5789675 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
###Nginx config to make Chef servers WebGUI (localhost:4040) and | |
###REST API (localhost:4000) both available over SSL in the same vhost. | |
#If your SSL certificate requires a CA Cert bundle, then you may also need to install/symlink a copy of the | |
#bundle pem in folder /etc/ssl/certs/ and run "c_rehash /etc/ssl/certs/" on the machines that | |
#need to access these SSL endpoints. | |
# This is typically needed for RapidSSL/Geotrust issued SSL certificates, YMMV. | |
#I have these upstreams in the main nginc.conf: | |
#rest api | |
upstream chef_webui { | |
server 127.0.0.1:4040; | |
} | |
#local chef server | |
upstream chef_api_local { | |
server 127.0.0.1:4000; | |
} | |
#And the ssl vhost config uses these upstreams. | |
server { | |
listen 443 default_server ssl; | |
ssl_certificate /etc/myssl/mydomain_com_ee.crt; | |
ssl_certificate_key /etc/myssl/mydomain.com.key; | |
#ssl_client_certificate /etc/myssl/RapidSSL_CA_bundle.pem; Optionally include CA Cert bundle. | |
keepalive_timeout 60; | |
root /usr/share/nginx/www; | |
index index.php index.html index.htm; | |
# Make site accessible from http://localhost/ | |
server_name mychefsvr.domain.com; | |
access_log /var/log/nginx/chef-access.log; | |
error_log /var/log/nginx/chef-error.log; | |
proxy_set_header Host $host; | |
proxy_set_header X-Real-IP $remote_addr; | |
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
proxy_set_header X-Forwarded-Proto https; | |
location / { | |
#API | |
if ( $http_x_ops_timestamp != "" ){ | |
proxy_pass http://chef_api_local; | |
break; | |
} | |
#GUI | |
proxy_pass http://chef_webui; | |
} | |
# deny access to .htaccess files, if Apache's document root | |
# concurs with nginx's one | |
# | |
location ~ /\.ht { | |
deny all; | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment