I have this in my puppet.conf:

    [puppetmasterd]
    ssl_client_header = SSL_CLIENT_S_DN
    ssl_client_verify_header = SSL_CLIENT_VERIFY

I've tried various settings in my nginx config, but currently have this:

    server {
        listen 8140;
        passenger_enabled on;

        ssl  on;
        ssl_certificate  /var/lib/puppet/ssl/certs/myserver.pem;
        ssl_certificate_key  /var/lib/puppet/ssl/private_keys/myserver.pem;
        ssl_protocols  SSLv3 TLSv1;
        ssl_ciphers  HIGH:+MEDIUM;
        ssl_prefer_server_ciphers   on;

        server_name tpuppet.ucar.edu;
        root /etc/puppet/rack/public;

        proxy_set_header    Host                $host;
        proxy_set_header    X-Real-IP           $remote_addr;
        proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
        proxy_set_header    X-Client_DN         $ssl_client_s_dn;
        proxy_set_header    X-Client-Verify     $ssl_client_verify;
    }

The error I'm getting is "Error 403 on SERVER: Forbidden request".

FWIW, I have an apache config that works on the same server; I'd rather
use nginx if possible, though.

On Tue, 29 Jun 2010 17:10:28 +0100
Alex Howells <li...@howells.me> wrote:

> On 28 June 2010 23:03, Dan Urist <dur...@ucar.edu> wrote:
> > Has anyone gotten puppetmaster running under nginx with passenger?
> > I've tried various permutations of setting headers in the nginx
> > config file, but am still getting "Forbidden request" errors from
> > the client.
> 
> I've had it working that way before but went back to Apache after
> tinkering.
> 
> If you can paste your configuration that might be helpful.
> 



-- 
Dan Urist
dur...@ucar.edu
303-497-2459

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.
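
Added example, not part of the original message and not code from Puppet, nginx or Passenger: a small Python check run over a constructed, reduced copy of the server block above. It flags the settings that decide whether nginx's client-certificate result can reach a Passenger-hosted app. The function names and the sample text are assumptions made for illustration.

```python
import re

# Constructed sample: the server block from the post, reduced to the relevant lines.
SAMPLE_CONF = """
server {
    listen 8140;
    passenger_enabled on;
    ssl on;
    ssl_certificate /var/lib/puppet/ssl/certs/myserver.pem;
    ssl_certificate_key /var/lib/puppet/ssl/private_keys/myserver.pem;
    proxy_set_header X-Client_DN $ssl_client_s_dn;
    proxy_set_header X-Client-Verify $ssl_client_verify;
}
"""

def directives(conf):
    """Split a flat nginx block into (name, [args]) pairs; comments are dropped."""
    conf = re.sub(r"#[^\n]*", "", conf)
    return [(p[0], p[1:]) for p in (s.split() for s in re.split(r"[;{}]", conf)) if p]

def audit_client_cert(conf):
    """Return findings about how client-certificate results reach the backend."""
    parsed = directives(conf)
    last = {name: args for name, args in parsed}   # last occurrence wins
    uses_vars = any(a.startswith("$ssl_client_") for _, args in parsed for a in args)
    findings = []
    if not uses_vars:
        return findings
    # nginx only requests a client certificate when ssl_verify_client is not "off"
    # (off is the default); otherwise $ssl_client_verify is always NONE.
    if last.get("ssl_verify_client", ["off"])[0] == "off":
        findings.append("ssl_verify_client off: no client certificate is requested")
    # Verification needs the CA that signed the agents' certificates.
    if "ssl_client_certificate" not in last:
        findings.append("ssl_client_certificate missing: no CA to verify clients against")
    # proxy_set_header applies to proxy_pass requests, not to Passenger apps.
    if ("proxy_set_header" in last and "proxy_pass" not in last
            and last.get("passenger_enabled") == ["on"]):
        findings.append("proxy_set_header without proxy_pass: headers never reach Passenger")
    return findings

if __name__ == "__main__":
    for finding in audit_client_cert(SAMPLE_CONF):
        print("WARN:", finding)
```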
