Untitled

From Idiotic Flamingo, 7 Years ago, written in Plain Text, viewed 905 times.
URL https://p.gaa.st/view/91612911 Embed
Download Paste or View Raw
  1. server {
  2.         listen                     8140 ssl;
  3.         server_name                puppet ....HOSTNAME/ALIAS LIST (space separated)....;
  4.  
  5.         passenger_enabled          on;
  6.         passenger_app_env          production;
  7.  
  8.         passenger_set_header       X-Client-Verify      $ssl_client_verify;
  9.         passenger_set_header       X-Client-DN          $ssl_client_s_dn;
  10.         passenger_set_header       X-SSL-Subject        $ssl_client_s_dn;
  11.         passenger_set_header       X-SSL-Issuer         $ssl_client_i_dn;
  12.  
  13.         access_log                 /var/log/nginx/puppet_access.log;
  14.         error_log                  /var/log/nginx/puppet_error.log;
  15.  
  16.         root                       /etc/puppet/rack/public;
  17.  
  18.         ssl_certificate            /var/lib/puppet/ssl/certs/HOSTNAME.pem;
  19.         ssl_certificate_key        /var/lib/puppet/ssl/private_keys/HOSTNAME.pem;
  20.         ssl_crl                    /var/lib/puppet/ssl/ca/ca_crl.pem;
  21.         ssl_client_certificate     /var/lib/puppet/ssl/certs/ca.pem;
  22.         ssl_ciphers                'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
  23.         ssl_prefer_server_ciphers  on;
  24.         ssl_verify_client          optional;
  25.         ssl_verify_depth           1;
  26.         ssl_session_cache          shared:SSL:128m;
  27.         ssl_session_timeout        5m;
  28. }
  29.  

Reply to "Untitled"

Here you can reply to the paste above