----- "Dan Carley" <dan.car...@gmail.com> wrote:

| On 8 June 2010 10:06, Jomo < zhan...@gmail.com > wrote:
| 
| 
| It works well when I use webrick. The config of nginx is from puppet
| wiki, some logs are below, what's wrong?
| 
| 
| 
| I suspect that it relates to the use of HTTP headers and Puppet not
| knowing who the client is from its certificate.
| 
| 
| The wiki documentation assumes that you're launching puppetmasterd
| with the argument `--ssl_client_header=HTTP_X_SSL_SUBJECT`. It does so
| in order to maintain configuration compatibility with Pound. But
| personally, I don't use Pound and prefer to keep Puppet as vanilla as
| possible. The following (exclusive) `proxy_set_header` directives work
| fine for me:
| 
| 
| 
| proxy_set_header Host $host;
| proxy_set_header X-Real-IP $remote_addr;
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
| proxy_set_header X-Client-DN $ssl_client_s_dn;
| proxy_set_header X-Client-Verify $ssl_client_verify;
| 
| 
| You don't mention what version of Nginx you're using. They'll need
| adjusting suitably for <0.8.x.

I also allow 127.0.0.1 in fileserver.conf (puppetmaster sees connection from 
localhost, due to nginx proxying)

Nico.
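
Added example, not part of the original thread and not the Puppet wiki's configuration: a minimal nginx server block showing where the `proxy_set_header` directives quoted above sit, and why the backend has to be reachable only through nginx once it trusts those headers. The hostname, ports and file paths are assumptions for illustration.

```nginx
# Added example. puppet.example.com, port 18140 and the /var/lib/puppet/ssl
# paths are assumed values; substitute your own.
upstream puppetmaster {
    # The backend trusts X-Client-DN / X-Client-Verify as proof of identity
    # and cannot tell a forged header from one nginx set, so it must listen
    # on loopback only and never be reachable directly by agents.
    server 127.0.0.1:18140;
}

server {
    listen 8140 ssl;

    ssl_certificate         /var/lib/puppet/ssl/certs/puppet.example.com.pem;
    ssl_certificate_key     /var/lib/puppet/ssl/private_keys/puppet.example.com.pem;

    # Puppet CA certificate and CRL used to verify agent certificates.
    ssl_client_certificate  /var/lib/puppet/ssl/certs/ca.pem;
    ssl_crl                 /var/lib/puppet/ssl/ca/ca_crl.pem;

    # "optional" lets an agent without a signed certificate still connect
    # to submit its CSR; the verification result is forwarded to the
    # backend in X-Client-Verify instead of being enforced here.
    ssl_verify_client       optional;

    location / {
        proxy_pass        http://puppetmaster;
        proxy_redirect    off;

        proxy_set_header  Host             $host;
        proxy_set_header  X-Real-IP        $remote_addr;
        proxy_set_header  X-Forwarded-For  $proxy_add_x_forwarded_for;

        # Each directive replaces any header of exactly the same name sent
        # by the client. Keep the names hyphenated: a variant spelled with
        # an underscore is a different header to nginx, so a client-sent
        # hyphenated copy would be forwarded alongside it.
        proxy_set_header  X-Client-DN      $ssl_client_s_dn;
        proxy_set_header  X-Client-Verify  $ssl_client_verify;
    }
}
```

With this layout every request reaches the puppetmaster from 127.0.0.1, so an address-based `allow 127.0.0.1` on the backend matches all proxied clients and the certificate headers become the only per-client distinction.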
