puppet连载三:服务端安装http、passenger

简介: 服务端安装插件:yum install -y ruby-devel ruby-libs rubygems libcurl-devel httpd httpd-devel apr-util-devel apr-devel mod_ssl gcc-c++...

服务端安装插件:

yum install -y ruby-devel ruby-libs rubygems libcurl-devel httpd httpd-devel apr-util-devel apr-devel mod_ssl gcc-c++ gcc openssl-devel
gem sources --add https://gems.ruby-china.com/ --remove https://rubygems.org/

安装passenger

gem install rake -v 10.4.2
gem install daemon_controller -v 1.2.0
gem install passenger -v 4.0.56
passenger-install-apache2-module

回车,选择ruby

img_69c765781d142b4cce47ee95d2abc699.png
image.png

配置httpd

mkdir -p /etc/puppet/rack/puppetmaster/{public,tmp}
cp /usr/share/puppet/ext/rack/config.ru /etc/puppet/rack/puppetmaster/
chown puppet. /etc/puppet/rack/puppetmaster/config.ru

修改passenger.conf

vi /etc/httpd/conf.d/passenger.conf
LoadModule passenger_module /usr/local/share/gems/gems/passenger-4.0.56/buildout/apache2/mod_passenger.so
<IfModule mod_passenger.c>
PassengerRoot /usr/local/share/gems/gems/passenger-4.0.56
PassengerDefaultRuby /usr/bin/ruby
</IfModule>

保存退出

修改puppetmaster.conf配置

vi /etc/httpd/conf.d/puppetmaster.conf

This Apache 2 virtual host config shows how to use Puppet as a Rack

application via Passenger. See

http://docs.puppetlabs.com/guides/passenger.html for more information.

You can also use the included config.ru file to run Puppet with other Rack

servers instead of Passenger.

you probably want to tune these settings

PassengerHighPerformance on
PassengerMaxPoolSize 12
PassengerPoolIdleTime 1500

PassengerMaxRequests 1000

PassengerStatThrottleRate 120

RackAutoDetect Off

RailsAutoDetect Off

Listen 8140

<VirtualHost *:8140>
SSLEngine on
SSLProtocol ALL -SSLv2
SSLCipherSuite ALL:!aNULL:!eNULL:!DES:!3DES:!IDEA:!SEED:!DSS:!PSK:!RC4:!MD5:+HIGH:+MEDIUM:!LOW:!SSLv2:!EXP
SSLHonorCipherOrder on

    SSLCertificateFile      /var/lib/puppet/ssl/certs/puppetmaster.pem
    SSLCertificateKeyFile   /var/lib/puppet/ssl/private_keys/puppetmaster.pem
    SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem
    SSLCACertificateFile    /var/lib/puppet/ssl/ca/ca_crt.pem
    # If Apache complains about invalid signatures on the CRL, you can try disabling
    # CRL checking by commenting the next line, but this is not recommended.
    SSLCARevocationFile     /var/lib/puppet/ssl/ca/ca_crl.pem
    # Apache 2.4 introduces the SSLCARevocationCheck directive and sets it to none
    # which effectively disables CRL checking; if you are using Apache 2.4+ you must
    # specify 'SSLCARevocationCheck chain' to actually use the CRL.
    # SSLCARevocationCheck chain
    SSLVerifyClient optional
    SSLVerifyDepth  1
    # The `ExportCertData` option is needed for agent certificate expiration warnings
    SSLOptions +StdEnvVars +ExportCertData

    # This header needs to be set if using a loadbalancer or proxy
    RequestHeader unset X-Forwarded-For

   RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
   RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
    RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e

    DocumentRoot /etc/puppet/rack/puppetmaster/public
    RackBaseURI /
    <Directory /etc/puppet/rack/puppetmaster/>
      AllowOverride all
     Options -MultiViews
     Require all granted
    </Directory>

</VirtualHost>

保存退出,重启httpd

service puppetmaster stop
chkconfig puppetmaster off
service httpd restart

目录
相关文章
|
4月前
|
缓存 应用服务中间件 nginx
安装nginx-http-flv-module模块
本文介绍如何为Nginx安装`nginx-http-flv-module`模块。此模块基于`nginx-rtmp-module`二次开发,不仅具备原模块的所有功能,还支持HTTP-FLV播放、GOP缓存、虚拟主机等功能。安装步骤包括:确认Nginx版本、下载相应版本的Nginx与模块源码、重新编译Nginx并加入新模块、验证模块安装成功。特别注意,此模块已包含`nginx-rtmp-module`功能,无需重复编译安装。
187 1
|
7月前
|
缓存 负载均衡 应用服务中间件
如何在 CentOS 7 上为 NGINX 安装开源 HTTP 加速器:Varnish
如何在 CentOS 7 上为 NGINX 安装开源 HTTP 加速器:Varnish
187 1
如何在 CentOS 7 上为 NGINX 安装开源 HTTP 加速器:Varnish
|
5月前
|
机器学习/深度学习 人工智能 文字识别
文本,文字识别02----PaddleOCR基础概念及介绍,安装和使用,人工智能是一种使计算机模仿人类的一种技术,PaddleOCR的安装地址-https://www.paddlepaddle.org
文本,文字识别02----PaddleOCR基础概念及介绍,安装和使用,人工智能是一种使计算机模仿人类的一种技术,PaddleOCR的安装地址-https://www.paddlepaddle.org
|
5月前
|
人工智能
AI绘画,Stable Diffusion如何使用中文简体包,黑色页面切换参数http://127.0.0.1:7860/?__theme=dark 两个__,中文包下载和安装
AI绘画,Stable Diffusion如何使用中文简体包,黑色页面切换参数http://127.0.0.1:7860/?__theme=dark 两个__,中文包下载和安装
|
7月前
|
前端开发 应用服务中间件 网络安全
http转为https,ssl证书安装及nginx配置
http转为https,ssl证书安装及nginx配置
173 1
|
7月前
|
应用服务中间件 Linux 网络安全
Linux【脚本 06】HTTPS转发HTTP安装OpenSSL、Nginx(with-http_ssl_module)及自签名的X.509数字证书生成(一键部署生成脚本分享)
Linux【脚本 06】HTTPS转发HTTP安装OpenSSL、Nginx(with-http_ssl_module)及自签名的X.509数字证书生成(一键部署生成脚本分享)
105 1
|
7月前
|
存储 Java 应用服务中间件
HTTP服务器——tomcat的安装和使用
HTTP服务器——tomcat的安装和使用
|
7月前
|
JSON 安全 网络安全
超详细的用户认证、权限、安全原理详解(认证、权限、JWT、RFC 7235、HTTPS、HSTS、PC端、服务端、移动端、第三方认证等等)
超详细的用户认证、权限、安全原理详解(认证、权限、JWT、RFC 7235、HTTPS、HSTS、PC端、服务端、移动端、第三方认证等等)
1085 0
|
7月前
|
数据安全/隐私保护 C++
c++实现http客户端和服务端的开源库以及Base64加密密码
c++实现http客户端和服务端的开源库以及Base64加密密码

推荐镜像

更多