Skip to content

Commit

Permalink
Added example of passenger usage
Browse files Browse the repository at this point in the history
  • Loading branch information
deric committed Oct 8, 2013
1 parent 7ea6b57 commit e8c2a92
Showing 1 changed file with 52 additions and 0 deletions.
52 changes: 52 additions & 0 deletions README.markdown
Original file line number Diff line number Diff line change
Expand Up @@ -88,3 +88,55 @@ nginx::nginx_locations:
vhost: www.puppetlabs.com
www_root: /var/www/html
```
## Nginx with precompiled Passenger
Currently this works only for Debian family.
class { 'nginx':
package_source => 'passenger',
http_cfg_append => {
'passenger_root' => '/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini',
}
}
Package source `passenger` will add [Phusion Passenger repository](https://oss-binaries.phusionpassenger.com/apt/passenger) to APT sources.
For each virtual host you should specify which ruby should be used.

vhost_cfg_append => {
'passenger_enabled' => 'on',
'passenger_ruby' => '/usr/bin/ruby'
}

### Puppet master served by Nginx and Passenger

Virtual host config for serving puppet master:

nginx::resource::vhost { 'puppet':
ensure => present,
server_name => ['puppet'],
listen_port => 8140,
ssl => true,
ssl_cert => '/var/lib/puppet/ssl/certs/example.com.pem',
ssl_key => '/var/lib/puppet/ssl/private_keys/example.com.pem',
ssl_port => 8140,
ssl_cache => 'shared:SSL:128m',
ssl_ciphers => 'SSLv2:-LOW:-EXPORT:RC4+RSA',
vhost_cfg_append => {
'passenger_enabled' => 'on',
'passenger_ruby' => '/usr/bin/ruby',
'ssl_crl' => '/var/lib/puppet/ssl/ca/ca_crl.pem',
'ssl_client_certificate' => '/var/lib/puppet/ssl/certs/ca.pem',
'ssl_verify_client' => 'optional',
'ssl_verify_depth' => 1,
},
www_root => '/etc/puppet/rack/public',
use_default_location => false,
access_log => '/var/log/nginx/puppet_access.log',
error_log => '/var/log/nginx/puppet_error.log',
passenger_cgi_param => {
'SSL_CLIENT_S_DN' => '$ssl_client_s_dn',
'SSL_CLIENT_VERIFY' => '$ssl_client_verify',
},
}

0 comments on commit e8c2a92

Please sign in to comment.