Puppet????Nginx?????????????

????5??????????puppet????????????????nginx.conf???????????????

user www;
worker_processes    8;
events {
        worker_connections    65535;
}

http {
        include             mime.types;
        default_type    application/octet-stream;

        sendfile                on;
        tcp_nopush         on;

        keepalive_timeout    65;
        #????puppet????????puppet-server????????
        log_format main '$remote_addr - $remote_user [$time_local] "$request" $request_length $request_time $time_local'
                                                '$status $body_bytes_sent $bytes_sent $connection $msec "$http_referer" '
                                                '"$http_user_agent" $http_x_forwarded_for $upstream_response_time $upstream_addr $upstream_status ';
        access_log    /usr/local/nginx/logs/access.log    main;

        upstream puppetmaster {
                server 127.0.0.1:8141;
                server 127.0.0.1:8142;
                server 127.0.0.1:8143;
                server 127.0.0.1:8144;
                server 127.0.0.1:8145;
                }

        server {
        listen 8140;
        root /etc/puppet;
        ssl on;
        ssl_session_timeout 5m;
        #?????puppetmaster?????????????   
        ssl_certificate /var/lib/puppet/ssl/certs/server.cn7788.com.pem;
        ssl_certificate_key /var/lib/puppet/ssl/private_keys/server.cn7788.com.pem;
        ssl_client_certificate /var/lib/puppet/ssl/ca/ca_crt.pem;
        ssl_crl /var/lib/puppet/ssl/ca/ca_crl.pem;
        ssl_verify_client optional;
        #File sections
        location /production/file_content/files/ {
        types { }
        default_type application/x-raw;
        #????puppet????·??????
        alias /etc/puppet/files/;
        }
        # Modules files sections
        location ~ /production/file_content/modules/.+/ {
        root /etc/puppet/modules;
        types { }
        default_type application/x-raw;
        rewrite ^/production/file_content/modules/(.+)/(.+)$ /$1/files/$2 break;
        }
        location / {
        ##?????????puppetmaster???????
        proxy_pass http://puppetmaster;
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Client-Verify $ssl_client_verify;
        proxy_set_header X-SSL-Subject $ssl_client_s_dn;
        proxy_set_header X-SSL-Issuer $ssl_client_i_dn;
        proxy_buffer_size 10m;
        proxy_buffers 1024 10m;
        proxy_busy_buffers_size 10m;
        proxy_temp_file_write_size 10m;
        proxy_read_timeout 120;
     }
}
}