chef - [chef] Re:

Subscribers: 1946
Owners
Bryan McLellan
Joshua Timberman
Nathen Harvey
Seth Chisamore
Serdar Sutay

Subscribe
Unsubscribe
Info
Archive

Post

RSS
Shared documents

General discussion about Chef

[chef] Re:

From: Matt Rohrer < >
To:
Subject: [chef] Re:
Date: Thu, 1 Aug 2013 10:13:04 +0200

On 08/01, Andy Gale wrote:
> Hi all,
>
> I've just inherited an old open source Chef server 0.10.8. It's left
> exposed to the world poor thing and I fear for it's safety. It would be a
> very good idea to put Nginx in front of it I think.
>
> Does anyone have any howtos? I'd like to do it soon rather than later!

Hi Andy,

Yes, you definitely want to protect the webui. You can configure nginx
to proxy to it like any other upstream app.

There's an example at
https://github.com/opscode-cookbooks/chef-server/blob/0.99.12/templates/default/chef_server.nginx.conf.erb

The API calls are all signed and (AFAIK) encrypted so leaving that
"exposed" isn't a huge issue, though if you can limit access to certain
IPs that's of course prefered.

Regards,
Matt

--
Matt Rohrer //

http://finitesoup.com

[chef], Andy Gale, 08/01/2013
- [chef] Re:, Matt Rohrer, 08/01/2013
  - [chef] Re:, Steffen Gebert, 08/01/2013
    - [chef] Re: Re:, Jesse Campbell, 08/01/2013
      - [chef] Re: Re: Re:, Andy Gale, 08/02/2013