- From: Joshua Timberman <
>
- To:
- Subject: [chef] Re: Re: Re: Client/Server secure model
- Date: Tue, 14 Feb 2012 08:51:01 -0700
On Sat, Feb 11, 2012 at 10:24 AM, oscar schneider
<
>
wrote:
>
>
I think a "standard installation", e.g. from Debian packages in the Opscode
>
apt repository, of open source Chef servers is not using https by default,
>
but plain http.
>
>
Thus if you use Chef on a network where eavesdroppers might hang around, you
>
should opt for an SSL proxy, which would additionally encrypt the
>
communication, not only sign it. There is a pretty decent tutorial up on the
>
Chef wiki.
Yes, exactly. The SSL proxy with Apache tutorial is here:
http://wiki.opscode.com/display/chef/How+to+Proxy+Chef+Server+with+Apache
The latest chef-server cookbook in our github repo has patches to add
support to do this with Nginx as well, and there's some additional
improvements in the cookbook related to SSL proxying. Part of the
release process for the next version of that cookbook will include
additional documentation. You're free to jump into the code and poke
around, of course :-).
--
Opscode, Inc
Joshua Timberman, Technical Program Manager
IRC, Skype, Twitter, Github: jtimberman
Archive powered by MHonArc 2.6.16.