From e8c2a92070f9ffe195b08f4d03e81b03960cc698 Mon Sep 17 00:00:00 2001 From: Tomas Barton Date: Tue, 8 Oct 2013 10:20:57 +0200 Subject: [PATCH] Added example of passenger usage --- README.markdown | 52 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 52 insertions(+) diff --git a/README.markdown b/README.markdown index a5364fcec..f348972cb 100644 --- a/README.markdown +++ b/README.markdown @@ -88,3 +88,55 @@ nginx::nginx_locations: vhost: www.puppetlabs.com www_root: /var/www/html ``` + +## Nginx with precompiled Passenger + +Currently this works only for Debian family. + + class { 'nginx': + package_source => 'passenger', + http_cfg_append => { + 'passenger_root' => '/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini', + } + } + +Package source `passenger` will add [Phusion Passenger repository](https://oss-binaries.phusionpassenger.com/apt/passenger) to APT sources. +For each virtual host you should specify which ruby should be used. + + vhost_cfg_append => { + 'passenger_enabled' => 'on', + 'passenger_ruby' => '/usr/bin/ruby' + } + +### Puppet master served by Nginx and Passenger + +Virtual host config for serving puppet master: + + nginx::resource::vhost { 'puppet': + ensure => present, + server_name => ['puppet'], + listen_port => 8140, + ssl => true, + ssl_cert => '/var/lib/puppet/ssl/certs/example.com.pem', + ssl_key => '/var/lib/puppet/ssl/private_keys/example.com.pem', + ssl_port => 8140, + ssl_cache => 'shared:SSL:128m', + ssl_ciphers => 'SSLv2:-LOW:-EXPORT:RC4+RSA', + vhost_cfg_append => { + 'passenger_enabled' => 'on', + 'passenger_ruby' => '/usr/bin/ruby', + 'ssl_crl' => '/var/lib/puppet/ssl/ca/ca_crl.pem', + 'ssl_client_certificate' => '/var/lib/puppet/ssl/certs/ca.pem', + 'ssl_verify_client' => 'optional', + 'ssl_verify_depth' => 1, + }, + www_root => '/etc/puppet/rack/public', + use_default_location => false, + access_log => '/var/log/nginx/puppet_access.log', + error_log => '/var/log/nginx/puppet_error.log', + passenger_cgi_param => { + 'SSL_CLIENT_S_DN' => '$ssl_client_s_dn', + 'SSL_CLIENT_VERIFY' => '$ssl_client_verify', + }, + } +