It works for me too, thank you. It should be added to the wiki. btw, my nginx is 0.8.29.
On 6月9日, 上午12时01分, Dan Carley <dan.car...@gmail.com> wrote: > On 8 June 2010 10:06, Jomo <zhan...@gmail.com> wrote: > > > It works well when I use webrick. The config of nginx is from puppet > > wiki, some logs is below, what's wrong? > > I suspect that it relates to the use of HTTP headers and Puppet not knowing > who the client is from it's certificate. > > The wiki documentation assumes that you're launching puppetmasterd with the > argument `--ssl_client_header=HTTP_X_SSL_SUBJECT`. It does so in order to > maintain configuration compatibility with Pound. But personally, I don't use > Pound and prefer to keep Puppet as vanilla as possible. The following > (exclusive) `proxy_set_header` directives work fine under for me: > > proxy_set_header Host $host; > proxy_set_header X-Real-IP $remote_addr; > proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; > proxy_set_header X-Client_DN $ssl_client_s_dn; > proxy_set_header X-Client-Verify $ssl_client_verify; > > You don't mention what version of Nginx you're using. They'll need adjusting > suitably for <0.8.x -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
