chef - [chef] Re: Re: Re: Client/Server secure model

Subscribers: 1946
Owners
Bryan McLellan
Joshua Timberman
Nathen Harvey
Seth Chisamore
Serdar Sutay

Subscribe
Unsubscribe
Info
Archive

Post

RSS
Shared documents

General discussion about Chef

[chef] Re: Re: Re: Client/Server secure model

From: Joshua Timberman < >
To:
Subject: [chef] Re: Re: Re: Client/Server secure model
Date: Tue, 14 Feb 2012 08:51:01 -0700

On Sat, Feb 11, 2012 at 10:24 AM, oscar schneider
< >
wrote:
>
> I think a "standard installation", e.g. from Debian packages in the Opscode
> apt repository, of open source Chef servers is not using https by default,
> but plain http.
>
> Thus if you use Chef on a network where eavesdroppers might hang around, you
> should opt for an SSL proxy, which would additionally encrypt the
> communication, not only sign it. There is a pretty decent tutorial up on the
> Chef wiki.

Yes, exactly. The SSL proxy with Apache tutorial is here:

http://wiki.opscode.com/display/chef/How+to+Proxy+Chef+Server+with+Apache

The latest chef-server cookbook in our github repo has patches to add
support to do this with Nginx as well, and there's some additional
improvements in the cookbook related to SSL proxying. Part of the
release process for the next version of that cookbook will include
additional documentation. You're free to jump into the code and poke
around, of course :-).

--
Opscode, Inc
Joshua Timberman, Technical Program Manager
IRC, Skype, Twitter, Github: jtimberman

[chef] Client/Server secure model, faleiros, 02/07/2012
- [chef] Re: Client/Server secure model, AJ Christensen, 02/07/2012
- [chef] Re: Client/Server secure model, Ranjib Dey, 02/07/2012
  - [chef] Re: Re: Client/Server secure model, oscar schneider, 02/11/2012
    - [chef] Re: Re: Re: Client/Server secure model, Joshua Timberman, 02/14/2012
- [chef] Re: Client/Server secure model, Bryan McLellan, 02/14/2012