Nginx-to-(apache+foreman+puppet) Load Balancing
First, prerequisites
Test environment:
OS: CentOS 6.5_x86
puppet-server-3.8.3
foreman-1.9.2
foreman-proxy-1.9.2
httpd-2.2.15
The Apache+foreman+puppet server is already set up. For details, please refer to:
http://4709096.blog.51cto.com/4699096/1710697
Second, modify the puppetmaster configuration
2.1 Modifying the puppetmaster ports
# vim /etc/sysconfig/puppetmaster
PUPPETMASTER_PORTS=( 18140 18141 )
2.2 Modifying puppetmaster directory access rights
# vim /etc/puppet/auth.conf
path /
auth any
allow *
This rule admits every request to every path, authenticated or not. If it is not added, requests coming through Nginx fail with a 403 error.
2.3 Modifying the httpd ports of the puppetmaster
# vim /etc/httpd/conf/ports.conf
Listen 18140
NameVirtualHost *:18140
Add a listener on port 18141:
Listen 18141
NameVirtualHost *:18141
# vim /etc/httpd/conf.d/25-puppet.conf
<VirtualHost *:18140>
Add a virtual host for port 18141:
# cp /etc/httpd/conf.d/25-puppet.conf /etc/httpd/conf.d/26-puppet.conf
Then modify 26-puppet.conf:
<VirtualHost *:18141>
Third, Nginx installation and configuration
3.1 Installing Nginx
# tar -zxvf nginx-1.4.7.tar.gz
# cd nginx-1.4.7
# ./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module
# make && make install
3.2 Modifying the nginx.conf configuration
# vim /usr/local/nginx/conf/nginx.conf
Add the following inside the http {} block:
upstream puppetmaster {
    server 127.0.0.1:18140;
    server 127.0.0.1:18141;
}
server {
    listen 8140 ssl;
    server_name puppet.test.com;
    root /etc/puppet;
    ssl on;
    ssl_session_timeout 5m;
    # Paths to the puppetmaster server-side certificates
    ssl_certificate /var/lib/puppet/ssl/certs/puppet.test.com.pem;
    ssl_certificate_key /var/lib/puppet/ssl/private_keys/puppet.test.com.pem;
    ssl_client_certificate /var/lib/puppet/ssl/ca/ca_crt.pem;
    ssl_crl /var/lib/puppet/ssl/ca/ca_crl.pem;
    ssl_verify_client optional;
    ssl_protocols SSLv2 SSLv3 TLSv1;
    ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
    # File Sections
    location /production/file_content/files/ {
        types { }
        default_type application/x-raw;
        # Alias for the puppet file-serving path
        alias /etc/puppet/files/;
    }
    # Modules Files Sections
    location ~ /production/file_content/modules/.+/ {
        root /etc/puppet/modules;
        types { }
        default_type application/x-raw;
        rewrite ^/production/file_content/modules/(.+)/(.+)$ /$1/files/$2 break;
    }
    location / {
        # Forward to the puppetmaster load-balancing upstream
        proxy_pass https://puppetmaster;
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Client-Verify $ssl_client_verify;
        proxy_set_header X-SSL-Subject $ssl_client_s_dn;
        proxy_set_header X-SSL-Issuer $ssl_client_i_dn;
        proxy_buffer_size 10m;
        proxy_buffers 1024 10m;
        proxy_busy_buffers_size 10m;
        proxy_temp_file_write_size 10m;
        proxy_read_timeout 120;
    }
}
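Added example (not part of the original post): a small Python audit of the TLS and proxy-header directives in the server block above. It reports the legacy protocol versions and weak cipher classes that the configuration keeps enabled, and checks that Nginx itself sets the headers that carry the client-certificate result to the backend. The names PAGE_CONF, directives and audit_nginx_tls are assumptions of this example, and the sample configuration is constructed from the directives shown above.

```python
import re

# Constructed sample: TLS and proxy-header directives taken from the server block above.
PAGE_CONF = """
server {
    ssl_protocols SSLv2 SSLv3 TLSv1;
    ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
    location / {
        proxy_set_header X-Client-Verify $ssl_client_verify;
        proxy_set_header X-SSL-Subject $ssl_client_s_dn;
    }
}
"""
# Retired by RFC 6176 (SSLv2), RFC 7568 (SSLv3) and RFC 8996 (TLS 1.0/1.1).
LEGACY_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
WEAK_CIPHER_CLASSES = {"RC4", "LOW", "EXP", "EXPORT", "EXPORT40", "EXPORT56", "SSLv2", "NULL"}
# Headers carrying the client-certificate result; nginx must set them itself.
IDENTITY_HEADERS = {"x-client-verify": "$ssl_client_verify", "x-ssl-subject": "$ssl_client_s_dn"}

def directives(conf):
    """Yield (name, args) for every 'name arg ...;' line, ignoring comments."""
    for line in conf.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.endswith(";") and line[:-1].split():
            name, *args = line[:-1].split()
            yield name.lower(), args

def audit_nginx_tls(conf):
    """Return findings for legacy TLS settings and unset identity headers."""
    findings, headers = [], {}
    for name, args in directives(conf):
        if name == "ssl_protocols":
            findings += [f"legacy protocol {p}" for p in args if p in LEGACY_PROTOCOLS]
        elif name == "ssl_ciphers":
            named, excluded = set(), set()
            for token in re.split(r"[:, ]+", " ".join(args)):
                if token.startswith("-"):  # soft removal: neither kept nor banned
                    continue
                # '!' removes a class permanently; anything else adds or reorders it.
                target = excluded if token.startswith("!") else named
                target.update(token.lstrip("!+").split("+"))
            weak = sorted((named & WEAK_CIPHER_CLASSES) - excluded)
            findings += [f"weak cipher class {c} not excluded" for c in weak]
        elif name == "proxy_set_header" and len(args) == 2:
            headers[args[0].lower()] = args[1]
    for header, variable in IDENTITY_HEADERS.items():
        if headers.get(header) != variable:
            findings.append(f"{header} is not overwritten with {variable}")
    return findings
```

With nginx 1.4.7 built against OpenSSL 1.0.1 or later, "ssl_protocols TLSv1.2;" and a cipher string such as "HIGH:!aNULL:!MD5:!RC4" clear the TLS findings, assuming the agents' OpenSSL also supports TLS 1.2.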
Fourth, start the related services
4.1 Start Nginx
# /usr/local/nginx/sbin/nginx
4.2 Start Apache
# service httpd start
4.3 Start foreman-proxy
# service foreman-proxy start
4.4 Start puppetmaster (optional; it also works without starting it)
# puppet master start
Fifth, verify from a client
# puppet agent --server=puppet.test.com --test
Acknowledgement: I wrote this summary after consulting a number of articles; thanks to everyone who shares on the network!
This article is from the "4699096" blog; please be sure to keep this source: http://4709096.blog.51cto.com/4699096/1730674