@sacharv
Created June 2, 2014 11:11
nginx + passenger + foreman 1.5
passenger+nginx (SL6 + SCL)
set correct path for SCL ruby:
export PATH=/opt/rh/ruby193/root/usr/bin:$PATH
export LD_LIBRARY_PATH=/opt/rh/ruby193/root/usr/lib64:$LD_LIBRARY_PATH
download latest phusion passenger tarball (I wrongly put it in /usr/local/src, so that is where the libs are now)
./bin/passenger-install-nginx-module
follow all default steps (have script download and compile nginx)
passenger-config --nginx-libs
/opt/rh/ruby193/root/usr/share/gems/gems/passenger-4.0.18/lib/common/libpassenger_common/Logging.o /opt/rh/ruby193/root/usr/share/gems/gems/passenger-4.0.18/lib/common/libpassenger_common/Utils/SystemTime.o /opt/rh/ruby193/root/usr/share/gems/gems/passenger-4.0.18/lib/common/libpassenger_common/Utils/StrIntUtils.o /opt/rh/ruby193/root/usr/share/gems/gems/passenger-4.0.18/lib/common/libpassenger_common/Utils/IOUtils.o /opt/rh/ruby193/root/usr/share/gems/gems/passenger-4.0.18/lib/common/libpassenger_common/Utils.o /opt/rh/ruby193/root/usr/share/gems/gems/passenger-4.0.18/lib/common/libpassenger_common/AgentsStarter.o /opt/rh/ruby193/root/usr/share/gems/gems/passenger-4.0.18/lib/common/libpassenger_common/ApplicationPool2/AppTypes.o /opt/rh/ruby193/root/usr/share/gems/gems/passenger-4.0.18/lib/common/libpassenger_common/Utils/CachedFileStat.o /opt/rh/ruby193/root/usr/share/gems/gems/passenger-4.0.18/lib/common/libpassenger_common/Utils/Base64.o /opt/rh/ruby193/root/usr/share/gems/gems/passenger-4.0.18/lib/common/libpassenger_common/agents/LoggingAgent/FilterSupport.o /opt/rh/ruby193/root/usr/share/gems/gems/passenger-4.0.18/lib/common/libboost_oxt.a
passenger-config --ruby-command
passenger-config was invoked through the following Ruby interpreter:
Command: /opt/rh/ruby193/root/usr/bin/ruby
Version: ruby 1.9.3p448 (2013-06-27) [x86_64-linux]
To use in Apache: PassengerRuby /opt/rh/ruby193/root/usr/bin/ruby
To use in Nginx : passenger_ruby /opt/rh/ruby193/root/usr/bin/ruby
To use with Standalone: /opt/rh/ruby193/root/usr/bin/ruby /opt/rh/ruby193/root/usr/bin/passenger start
The following Ruby interpreter was found first in $PATH:
Command: /opt/rh/ruby193/root/usr/bin/ruby
Version: ruby 1.9.3p448 (2013-06-27) [x86_64-linux]
To use in Apache: PassengerRuby /opt/rh/ruby193/root/usr/bin/ruby
To use in Nginx : passenger_ruby /opt/rh/ruby193/root/usr/bin/ruby
To use with Standalone: /opt/rh/ruby193/root/usr/bin/ruby /opt/rh/ruby193/root/usr/bin/passenger start
## Notes for RVM users
Do you want to know which command to use for a different Ruby interpreter? 'rvm use' that Ruby interpreter, then re-run 'passenger-config --ruby-command'.
add the following two lines to /etc/init.d/nginx (not sure if they are actually required)
export LD_LIBRARY_PATH=/opt/rh/ruby193/root/usr/lib64:$LD_LIBRARY_PATH
export PATH=/opt/rh/ruby193/root/usr/bin:$PATH
foreman nginx config:
cat /etc/nginx/conf.d/foreman.conf
#passenger_root /opt/rh/ruby193/root/usr/share/gems/gems/passenger-4.0.5;
#passenger_ruby /usr/bin/ruby193-ruby;
#passenger_ruby /opt/rh/ruby193/root/usr/bin/ruby;
server {
    # passenger_ruby /usr/bin/ruby193-ruby;
    passenger_ruby /opt/rh/ruby193/root/usr/bin/ruby;
    listen 80;
    server_name foreman2.grass.corp foreman2;
    access_log /var/log/nginx/foreman_access.log;
    error_log /var/log/nginx/foreman_error.log debug;
    root /usr/share/foreman/public;
    passenger_enabled on;
}
server {
    #passenger_ruby /usr/bin/ruby193-ruby;
    passenger_ruby /opt/rh/ruby193/root/usr/bin/ruby;
    listen 443;
    server_name foreman;
    ssl on;
    ssl_certificate /var/lib/puppet/ssl/certs/foreman.corp.pem;
    ssl_certificate_key /var/lib/puppet/ssl/private_keys/foreman.corp.pem;
    ssl_crl /var/lib/puppet/ssl/ca/ca_crl.pem;
    ssl_client_certificate /var/lib/puppet/ssl/certs/ca.pem;
    # Verify puppetmaster clients against Puppet CA
    ssl_verify_client optional;
    ssl_verify_depth 1;
    access_log /var/log/nginx/foreman_access.log;
    error_log /var/log/nginx/foreman_error.log debug;
    root /usr/share/foreman/public;
    passenger_enabled on;
    passenger_set_cgi_param HTTPS on;
    passenger_set_cgi_param SSL_CLIENT_S_DN $ssl_client_s_dn;
    passenger_set_cgi_param SSL_CLIENT_VERIFY $ssl_client_verify;
    #location / {
    #}
}
# required for the nodestuff
server {
    # passenger_ruby /usr/bin/ruby193-ruby;
    passenger_ruby /opt/rh/ruby193/root/usr/bin/ruby;
    listen 9443;
    server_name csqmgmt-prov02;
    ssl on;
    ssl_certificate /var/lib/puppet/ssl/certs/foreman.corp.pem;
    ssl_certificate_key /var/lib/puppet/ssl/private_keys/foreman.corp.pem;
    ssl_crl /var/lib/puppet/ssl/ca/ca_crl.pem;
    ssl_client_certificate /var/lib/puppet/ssl/certs/ca.pem;
    # Verify puppetmaster clients against Puppet CA
    ssl_verify_client optional;
    ssl_verify_depth 1;
    access_log /var/log/nginx/foreman_access.log;
    error_log /var/log/nginx/foreman_error.log debug;
    root /usr/share/foreman/public;
    passenger_enabled on;
    passenger_set_cgi_param HTTPS on;
    passenger_set_cgi_param SSL_CLIENT_S_DN $ssl_client_s_dn;
    passenger_set_cgi_param SSL_CLIENT_VERIFY $ssl_client_verify;
    #location / {
    #}
}
I've added the passenger_ruby /opt/rh/ruby193/root/usr/bin/ruby; bit to every server { } stanza, might work to just put it once at the top of the file
cat /etc/nginx/conf.d/passenger.conf
#passenger_root /usr/lib/ruby/gems/1.8/gems/passenger-4.0.5;
passenger_ruby /usr/bin/ruby;
passenger_root /usr/local/src/passenger-4.0.41;
#passenger_ruby /opt/rh/ruby193/root/usr/bin/ruby;
# You'll need to integrate this portion into your own config
# server {
# listen 80;
# server_name www.yourhost.com;
# root /somewhere/public; # <--- be sure to point to 'public'!
# passenger_enabled on;
# }
cat /etc/nginx/conf.d/puppet.conf
server {
    listen 8140 ssl;
    server_name _;
    passenger_enabled on;
    passenger_set_cgi_param HTTP_X_CLIENT_DN $ssl_client_s_dn;
    passenger_set_cgi_param HTTP_X_CLIENT_VERIFY $ssl_client_verify;
    client_max_body_size 300M;
    access_log /var/log/nginx/puppet_access.log;
    error_log /var/log/nginx/puppet_error.log;
    root /var/lib/puppet/rack/public;
    ssl_certificate /var/lib/puppet/ssl/certs/foreman.pem;
    ssl_certificate_key /var/lib/puppet/ssl/private_keys/foreman.pem;
    ssl_crl /var/lib/puppet/ssl/ca/ca_crl.pem;
    ssl_client_certificate /var/lib/puppet/ssl/certs/ca.pem;
    ssl_ciphers SSLv2:-LOW:-EXPORT:RC4+RSA;
    ssl_prefer_server_ciphers on;
    ssl_verify_client optional;
    ssl_verify_depth 1;
    ssl_session_cache shared:SSL:128m;
    ssl_session_timeout 5m;
}
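
Added example, not part of the original gist: a small POSIX sh/awk audit for three settings used in the configs above that deserve review before production use. It flags cipher-string tokens that enable SSLv2 or RC4 suites, `ssl_verify_client optional` (nginx still serves clients without a valid certificate and only reports the result in `$ssl_client_verify`, so the application has to enforce it), and `debug`-level error logging. The function names and finding codes are made up for this example, and the sample input is constructed from directives on this page.

```shell
#!/bin/sh
# Added example (not from the gist): review aid for nginx TLS settings.
# Reads nginx config on stdin, prints one finding per line as LINE:CODE:DETAIL.
audit_nginx_conf() {
  awk '
    { sub(/#.*/, "") }                   # ignore comments and commented-out directives
    $1 == "ssl_ciphers" {
      spec = $2; gsub(/[";]/, "", spec)  # strip quotes and the trailing semicolon
      n = split(spec, tok, ":")
      for (i = 1; i <= n; i++) {
        if (tok[i] ~ /^[-!]/) continue   # "-" and "!" remove suites from the list
        if (tok[i] ~ /SSLv2|RC4|EXP|NULL|MD5/)
          printf "%d:WEAK_CIPHER:%s\n", NR, tok[i]
      }
    }
    # "optional" still serves clients without a valid certificate; nginx only
    # reports SUCCESS / FAILED:reason / NONE in $ssl_client_verify.
    $1 == "ssl_verify_client" && $2 ~ /^optional/ {
      printf "%d:CLIENT_CERT_OPTIONAL:app must enforce SSL_CLIENT_VERIFY\n", NR
    }
    $1 == "error_log" && $3 ~ /^debug;?$/ {
      printf "%d:DEBUG_LOG:%s\n", NR, $2
    }
  '
}

# Constructed sample built from directives that appear in the configs on this page.
sample_conf() {
  cat <<'EOF'
server {
    listen 8140 ssl;
    error_log /var/log/nginx/puppet_error.log;
    ssl_ciphers SSLv2:-LOW:-EXPORT:RC4+RSA;
    ssl_verify_client optional;
}
server {
    listen 443;
    error_log /var/log/nginx/foreman_error.log debug;
    #ssl_verify_client on;
    ssl_verify_client optional;
}
EOF
}

sample_conf | audit_nginx_conf
```

To check a real file, run `audit_nginx_conf < /etc/nginx/conf.d/puppet.conf`.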
note! nginx or passenger doesn't like symlinks, so you need to remove the /usr/share/foreman/public symlink and copy the actual public directory to /usr/share/foreman. This means that when upgrading foreman you need to remove the directory and copy it back after the upgrade (bit annoying)