foreman+unicorn+nginx ssl offload on debian
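# Add the puppetlabs wheezy apt source, install foreman and unicorn, then stop
# Foreman's own service so that unicorn (fronted by nginx) serves the app.
# Run as root. The source is plain http and no archive key is imported in this
# snippet, so apt-get update will report the packages as unverified until the
# puppetlabs archive key is present (the puppetlabs-release package used in the
# install script further down presumably provides it - confirm).
set -eu
printf '%s\n' "deb http://apt.puppetlabs.com wheezy main" >>/etc/apt/sources.list
apt-get update
apt-get install foreman unicorn
/etc/init.d/foreman stop
# Disable /etc/init.d/foreman at boot: rcconf is an interactive menu, so this
# step cannot run unattended - deselect "foreman" in the list it presents.
rcconf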
# /etc/default/unicorn - sourced by the unicorn init script.
# Adjust the parameters below to suit the host and set CONFIGURED to yes;
# the service does not start while CONFIGURED is anything else.
CONFIGURED="yes"

# Seconds to wait for an old child to exit during a server upgrade.
# Unrelated to the "timeout" option in the server's config.rb.
TIMEOUT="60"

# Application root. Must match "working_directory" in the server's config.rb;
# Rack's config.ru lives here.
APP_ROOT="/usr/share/foreman"

# The unicorn server configuration (config.rb), NOT Rack's config.ru.
CONFIG_RB="${APP_ROOT}/unicorn.conf.rb"

# PID file location. Must match the "pid" option in the server's config.rb.
PID="/run/unicorn.pid"

# Extra arguments handed to unicorn; see unicorn(1).
UNICORN_OPTS="-D -E production -c ${CONFIG_RB}"
---
# Foreman settings for the nginx + unicorn layout in this gist: nginx
# terminates TLS and proxies plain HTTP to the unicorn upstream.
#your default puppet server - can be overridden in the host level
#if none specified, plain "puppet" will be used.
#:puppet_server: puppet
:unattended: true
:puppetconfdir: /etc/puppet/puppet.conf
:failed_report_email_notification: true
:login: true
# Foreman only ever sees the proxied plain-HTTP connection from nginx, so TLS
# enforcement cannot be done with this flag; it has to be done in the nginx
# vhost. Note that the nginx config in this gist also serves the same upstream
# on plain port 80, so logins are reachable without TLS unless that vhost is
# changed.
:require_ssl: false
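upstream foreman {
  server 127.0.0.1:3200;
}

# Plain-HTTP vhost. Nothing on this path is encrypted, and the X-Client-*
# headers below are built from TLS variables that are empty on a port-80
# connection, so Foreman receives no client-certificate information here.
# If only the TLS vhost is meant to be reachable, replace this server's
# location block with a redirect to https.
server {
  listen 80;
  server_name <%= fqdn %>;
  access_log /var/log/nginx/access-foreman.log;
  proxy_set_header Host $host;
  proxy_set_header X-Real-IP $remote_addr;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header X-Client-Verify $ssl_client_verify;
  proxy_set_header X-Client-DN $ssl_client_s_dn;
  proxy_set_header X-SSL-Issuer $ssl_client_i_dn;
  location / {
    proxy_pass http://foreman;
    proxy_read_timeout 65;
  }
}

# TLS-terminating vhost. Foreman itself only sees plain HTTP from nginx.
server {
  # "ssl" on the listen line already enables TLS; the redundant "ssl on"
  # directive from the original config is dropped.
  listen 443 default_server ssl;
  server_name <%= fqdn %>;
  access_log /var/log/nginx/access-foreman.log;
  # Served with the host's puppet agent certificate and key (presumably so that
  # puppet agents, which trust the puppet CA, accept it - confirm).
  ssl_certificate /var/lib/puppet/ssl/certs/<%= fqdn %>.pem;
  ssl_certificate_key /var/lib/puppet/ssl/private_keys/<%= fqdn %>.pem;
  # The original cipher list ("SSLv2:-LOW:-EXPORT:RC4+RSA") selected SSLv2-era
  # and RC4 suites. Restrict to TLS 1.2 with strong suites and let the server
  # choose; widen ssl_protocols only if old agents cannot negotiate TLS 1.2.
  ssl_protocols TLSv1.2;
  ssl_ciphers HIGH:!aNULL:!MD5;
  ssl_prefer_server_ciphers on;
  ssl_session_cache shared:SSL:40m;
  ssl_session_timeout 5m;
  proxy_set_header Host $host;
  proxy_set_header X-Real-IP $remote_addr;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  # NOTE(review): no ssl_verify_client / ssl_client_certificate is configured
  # on this vhost, so $ssl_client_verify never reports a verified certificate
  # and these headers cannot be used by Foreman to authenticate puppet nodes or
  # smart proxies. Add both (ssl_client_certificate pointing at the puppet CA
  # certificate) if certificate-based access is required.
  proxy_set_header X-Client-Verify $ssl_client_verify;
  proxy_set_header X-Client-DN $ssl_client_s_dn;
  proxy_set_header X-SSL-Issuer $ssl_client_i_dn;
  location / {
    proxy_pass http://foreman;
    proxy_read_timeout 65;
  }
}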
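#!/bin/bash
# Bootstrap puppet, augeas and Foreman 1.10 (served by unicorn) on a Debian or
# Ubuntu host. Run as a user with sudo rights; every step that touches the
# system goes through sudo. The puppetlabs release package and the Foreman
# repository key are fetched over plain http (as in the original recipe) and
# dpkg does not verify a .deb installed this way, so confirm the key's
# fingerprint against the project's published one before trusting what it
# signs.
set -euo pipefail

# The release codename drives both the puppetlabs release package name and the
# Foreman apt source; resolve it once instead of per command.
codename=$(lsb_release -cs)
readonly codename
readonly puppet_release_deb="puppetlabs-release-${codename}.deb"

# Download into a private temp dir that is removed on any exit path.
tmpdir=$(mktemp -d)
cleanup() { rm -rf -- "${tmpdir:?}"; }
trap cleanup EXIT

# Install puppet and augeas
wget -O "${tmpdir}/${puppet_release_deb}" "http://apt.puppetlabs.com/${puppet_release_deb}"
sudo dpkg -i "${tmpdir}/${puppet_release_deb}"
sudo apt-get update
sudo apt-get install -y puppet augeas-tools
# Enable the agent service and drop any templatedir line from puppet.conf.
sudo sed -i 's/START=no/START=yes/' /etc/default/puppet
sudo sed -i '/templatedir=.*/d' /etc/puppet/puppet.conf
sudo puppet agent --enable

# install foreman
foreman_list=/etc/apt/sources.list.d/foreman.list
# tee under sudo replaces the `sudo su -c 'echo ... > file'` form: no second
# shell is spawned and the redirection target needs no nested quoting.
printf '%s\n' "deb http://deb.theforeman.org/ ${codename} 1.10" | sudo tee "$foreman_list" >/dev/null
printf '%s\n' "deb http://deb.theforeman.org/ plugins 1.10" | sudo tee -a "$foreman_list" >/dev/null
# With pipefail a failed download aborts here instead of handing an empty or
# partial key to apt-key.
wget -q http://deb.theforeman.org/pubkey.gpg -O- | sudo apt-key add -
sudo apt-get update
# -y keeps the run non-interactive, matching the puppet install above.
sudo apt-get install -y foreman foreman-installer unicorn
# Foreman's own init script stays disabled; unicorn serves the app using the
# /etc/default/unicorn values set below.
sudo augtool -s set /files/etc/default/foreman/START no
sudo augtool -s set /files/etc/default/unicorn/TIMEOUT 60
sudo augtool -s set /files/etc/default/unicorn/APP_ROOT "/usr/share/foreman"
# NOTE(review): the \" sequences reach augtool literally (single quotes);
# confirm the resulting /etc/default/unicorn lines come out as
# CONFIG_RB="$APP_ROOT/unicorn.conf.rb" and not with stray backslashes.
sudo augtool -s set /files/etc/default/unicorn/CONFIG_RB '\"$APP_ROOT/unicorn.conf.rb\"'
sudo augtool -s set /files/etc/default/unicorn/UNICORN_OPTS '\"-D -E production -c $CONFIG_RB\"'
sudo augtool -s set /files/etc/default/unicorn/CONFIGURED yes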