Be aware that although Chef uses RSA asymmetric keys for client
authentication, the chef-client / knife traffic is unencrypted.
I strongly recommend that you put something (ELB, Apache, Nginx, HAProxy >
1.5, etc) in front of your chef server with SSL to proxy your API/WebUI
Doing this also enables you to control what port your chef-server-api
process is available to the outside world on. You’ll almost certainly want
to run more than one chef-server-api process, and putting a load-balancer
type proxy in front of your API processes will also ease scaling.
On Thu, Oct 11, 2012 at 4:20 PM, Autif Khan firstname.lastname@example.org wrote:
On Thu, Oct 11, 2012 at 12:33 PM, Bridger Larson
I am fairly new to chef and I am trying to figure out where to place my
I am using opensource chef and I am wondering if there is an issue with
chef server being outside of my firewall so my AWS servers can contact it
and my servers inside my firewall will be able to access it. My chef
workstations will also be inside the firewall. Would this cause any
problems with my nodes contacting the chef server? Are there any
or disadvantages to putting my chef server in AWS?
Our open source chef server is in AWS, we have set it up so that ports
4000 and 4040 are open (in addition to 22 for server management).
We can talk to chef server because our firewall allows us to open any
Some companies (Sony, many Financial companies) do not allow any
traffic except HTTP over port 80. If that is the case with your
company’s firewall, then you are out of luck.
All the best.
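
The TLS-terminating proxy recommended at the top of this thread, sketched as an Nginx configuration. This is an added example, not part of the original messages: the hostname, certificate paths, the public WebUI port 444 and the second API process on port 4001 are assumptions, while 4000 and 4040 are the API and WebUI ports mentioned in the thread.

```nginx
# Added example. Placeholders/assumptions: chef.example.com, the certificate
# paths, port 444 for the WebUI, and a second chef-server-api on port 4001.

# Pool of chef-server-api processes. They listen on loopback only, so the
# plaintext API is never reachable from outside the host.
upstream chef_api {
    server 127.0.0.1:4000;
    server 127.0.0.1:4001;   # assumed additional API process
}

upstream chef_webui {
    server 127.0.0.1:4040;
}

# API endpoint: the only listener that nodes, knife and workstations reach.
server {
    listen 443 ssl;
    server_name chef.example.com;

    ssl_certificate     /etc/nginx/ssl/chef.example.com.crt;
    ssl_certificate_key /etc/nginx/ssl/chef.example.com.key;
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        proxy_pass http://chef_api;
        # Pass the original host and client address through to the API.
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto https;
    }
}

# WebUI on its own TLS port so it can be firewalled separately from the API.
server {
    listen 444 ssl;
    server_name chef.example.com;

    ssl_certificate     /etc/nginx/ssl/chef.example.com.crt;
    ssl_certificate_key /etc/nginx/ssl/chef.example.com.key;
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        proxy_pass http://chef_webui;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto https;
    }
}
```

With this in place, `chef_server_url` in `client.rb` and `knife.rb` points at the `https://` address, and the firewall or security group exposes only the TLS ports rather than 4000 and 4040.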