puppet连载三:服务端安装http、passenger

简介: 服务端安装插件:yum install -y ruby-devel ruby-libs rubygems libcurl-devel httpd httpd-devel apr-util-devel apr-devel mod_ssl gcc-c++...

服务端安装插件:

yum install -y ruby-devel ruby-libs rubygems libcurl-devel httpd httpd-devel apr-util-devel apr-devel mod_ssl gcc-c++ gcc openssl-devel
gem sources --add https://gems.ruby-china.com/ --remove https://rubygems.org/

安装passenger

gem install rake -v 10.4.2
gem install daemon_controller -v 1.2.0
gem install passenger -v 4.0.56
passenger-install-apache2-module

回车,选择ruby

img_69c765781d142b4cce47ee95d2abc699.png
image.png

配置httpd

mkdir -p /etc/puppet/rack/puppetmaster/{public,tmp}
cp /usr/share/puppet/ext/rack/config.ru /etc/puppet/rack/puppetmaster/
chown puppet. /etc/puppet/rack/puppetmaster/config.ru

修改passenger.conf

vi /etc/httpd/conf.d/passenger.conf
LoadModule passenger_module /usr/local/share/gems/gems/passenger-4.0.56/buildout/apache2/mod_passenger.so
<IfModule mod_passenger.c>
PassengerRoot /usr/local/share/gems/gems/passenger-4.0.56
PassengerDefaultRuby /usr/bin/ruby
</IfModule>

保存退出

修改puppetmaster.conf配置

vi /etc/httpd/conf.d/puppetmaster.conf

This Apache 2 virtual host config shows how to use Puppet as a Rack

application via Passenger. See

http://docs.puppetlabs.com/guides/passenger.html for more information.

You can also use the included config.ru file to run Puppet with other Rack

servers instead of Passenger.

you probably want to tune these settings

PassengerHighPerformance on
PassengerMaxPoolSize 12
PassengerPoolIdleTime 1500

PassengerMaxRequests 1000

PassengerStatThrottleRate 120

RackAutoDetect Off

RailsAutoDetect Off

Listen 8140

<VirtualHost *:8140>
SSLEngine on
SSLProtocol ALL -SSLv2
SSLCipherSuite ALL:!aNULL:!eNULL:!DES:!3DES:!IDEA:!SEED:!DSS:!PSK:!RC4:!MD5:+HIGH:+MEDIUM:!LOW:!SSLv2:!EXP
SSLHonorCipherOrder on

    SSLCertificateFile      /var/lib/puppet/ssl/certs/puppetmaster.pem
    SSLCertificateKeyFile   /var/lib/puppet/ssl/private_keys/puppetmaster.pem
    SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem
    SSLCACertificateFile    /var/lib/puppet/ssl/ca/ca_crt.pem
    # If Apache complains about invalid signatures on the CRL, you can try disabling
    # CRL checking by commenting the next line, but this is not recommended.
    SSLCARevocationFile     /var/lib/puppet/ssl/ca/ca_crl.pem
    # Apache 2.4 introduces the SSLCARevocationCheck directive and sets it to none
    # which effectively disables CRL checking; if you are using Apache 2.4+ you must
    # specify 'SSLCARevocationCheck chain' to actually use the CRL.
    # SSLCARevocationCheck chain
    SSLVerifyClient optional
    SSLVerifyDepth  1
    # The `ExportCertData` option is needed for agent certificate expiration warnings
    SSLOptions +StdEnvVars +ExportCertData

    # This header needs to be set if using a loadbalancer or proxy
    RequestHeader unset X-Forwarded-For

   RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
   RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
    RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e

    DocumentRoot /etc/puppet/rack/puppetmaster/public
    RackBaseURI /
    <Directory /etc/puppet/rack/puppetmaster/>
      AllowOverride all
     Options -MultiViews
     Require all granted
    </Directory>

</VirtualHost>

保存退出,重启httpd

service puppetmaster stop
chkconfig puppetmaster off
service httpd restart

目录
相关文章
|
4月前
|
tengine 应用服务中间件 网络安全
Debina操作系统如何安装Tengine并开启HTTP2
本指南介绍了Tengine的安装与配置方法。首先下载并解压Tengine源码包,确保依赖项已安装(如pcre、zlib和openssl)。接着运行`./configure`命令进行配置,建议添加`--with-http_v2_module`以启用HTTP/2支持。完成配置后执行`make`编译,再通过`sudo make install`完成安装。为方便使用,可创建符号链接指向Tengine二进制文件。
|
4月前
|
应用服务中间件 nginx
Debina操作系统如何安装OpenResty并开启HTTP2
本文介绍了在Debian服务器上安装OpenResty 1.25.3.2并启用HTTP/2模块的详细步骤。包括下载解压源码、安装依赖项、配置编译参数(指定安装路径与启用HTTP/2模块)、编译安装,以及创建符号链接方便使用。最后提供启动、停止和重新加载配置的命令,并提醒注意安全组设置以确保服务正常访问。
|
4月前
|
安全 应用服务中间件 Linux
Debian操作系统如何安装Nginx并开启HTTP2
本指南介绍了在Linux系统中通过源码编译安装Nginx的完整流程。首先更新软件包列表并安装必要的编译依赖,接着下载指定版本的Nginx源码包(如1.24.0),检查文件完整性后解压。随后通过配置脚本指定安装路径与模块(如HTTP SSL模块),执行编译和安装命令。最后创建软链接以便全局调用,并提供启动、停止及重载Nginx的命令,同时提醒注意安全组设置以确保正常访问。
|
缓存 负载均衡 应用服务中间件
如何在 CentOS 7 上为 NGINX 安装开源 HTTP 加速器:Varnish
如何在 CentOS 7 上为 NGINX 安装开源 HTTP 加速器:Varnish
302 1
如何在 CentOS 7 上为 NGINX 安装开源 HTTP 加速器:Varnish
|
缓存 应用服务中间件 nginx
安装nginx-http-flv-module模块
本文介绍如何为Nginx安装`nginx-http-flv-module`模块。此模块基于`nginx-rtmp-module`二次开发,不仅具备原模块的所有功能,还支持HTTP-FLV播放、GOP缓存、虚拟主机等功能。安装步骤包括:确认Nginx版本、下载相应版本的Nginx与模块源码、重新编译Nginx并加入新模块、验证模块安装成功。特别注意,此模块已包含`nginx-rtmp-module`功能,无需重复编译安装。
959 3
|
机器学习/深度学习 人工智能 文字识别
文本,文字识别02----PaddleOCR基础概念及介绍,安装和使用,人工智能是一种使计算机模仿人类的一种技术,PaddleOCR的安装地址-https://www.paddlepaddle.org
文本,文字识别02----PaddleOCR基础概念及介绍,安装和使用,人工智能是一种使计算机模仿人类的一种技术,PaddleOCR的安装地址-https://www.paddlepaddle.org
|
人工智能
AI绘画,Stable Diffusion如何使用中文简体包,黑色页面切换参数http://127.0.0.1:7860/?__theme=dark 两个__,中文包下载和安装
AI绘画,Stable Diffusion如何使用中文简体包,黑色页面切换参数http://127.0.0.1:7860/?__theme=dark 两个__,中文包下载和安装
|
前端开发 应用服务中间件 网络安全
http转为https,ssl证书安装及nginx配置
http转为https,ssl证书安装及nginx配置
328 1
|
应用服务中间件 Linux 网络安全
Linux【脚本 06】HTTPS转发HTTP安装OpenSSL、Nginx(with-http_ssl_module)及自签名的X.509数字证书生成(一键部署生成脚本分享)
Linux【脚本 06】HTTPS转发HTTP安装OpenSSL、Nginx(with-http_ssl_module)及自签名的X.509数字证书生成(一键部署生成脚本分享)
242 1

推荐镜像

更多