wiki is right, I forgot this: ssl_client_header = HTTP_X_SSL_SUBJECT On 6月9日, 上午10时21分, Jomo <zhan...@gmail.com> wrote: > It works for me too, thank you. > It should be added to the wiki. > > btw, my nginx is 0.8.29. > > On 6月9日, 上午12时01分, Dan Carley <dan.car...@gmail.com> wrote: > > > On 8 June 2010 10:06, Jomo <zhan...@gmail.com> wrote: > > > > It works well when I use webrick. The config of nginx is from puppet > > > wiki, some logs is below, what's wrong? > > > I suspect that it relates to the use of HTTP headers and Puppet not knowing > > who the client is from it's certificate. > > > The wiki documentation assumes that you're launching puppetmasterd with the > > argument `--ssl_client_header=HTTP_X_SSL_SUBJECT`. It does so in order to > > maintain configuration compatibility with Pound. But personally, I don't use > > Pound and prefer to keep Puppet as vanilla as possible. The following > > (exclusive) `proxy_set_header` directives work fine under for me: > > > proxy_set_header Host $host; > > proxy_set_header X-Real-IP $remote_addr; > > proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; > > proxy_set_header X-Client_DN $ssl_client_s_dn; > > proxy_set_header X-Client-Verify $ssl_client_verify; > > > You don't mention what version of Nginx you're using. They'll need adjusting > > suitably for <0.8.x
-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
