On Thu, Sep 23, 2010 at 7:40 AM, Jakub Heichman <kuba.heich...@gmail.com> wrote:
> On 29 June, 19:44, Dan Urist <dur...@ucar.edu> wrote:
>> I have this in my puppet.conf:
>>
>> [puppetmasterd]
>> ssl_client_header = SSL_CLIENT_S_DN
>> ssl_client_verify_header = SSL_CLIENT_VERIFY
>> [..]
>> proxy_set_header Host $host;
>> proxy_set_header X-Real-IP $remote_addr;
>> proxy_set_header X-Forwarded-For
>
> Hi Dan,
>
> I had the same problem, it looks like 'proxy_set_header' option will
> not have any effect with Passenger module.
> I had to install Passenger 3 (beta) and use 'passenger_set_cgi_param'
> options instead.

This stanza in the front end 8140 server works for me when setting the
client headers in the HTTP request. This is with nginx 0.7.67 and
passenger 2.2.11:

    server {
        listen 8140 default ssl;
        ssl_certificate /var/lib/puppet/ssl/certs/chain.pem;
        ssl_certificate_key /var/lib/puppet/ssl/private_keys/puppet.pem;
        ssl_client_certificate /var/lib/puppet/ssl/certs/ca.pem;
        ssl_protocols SSLv3 TLSv1;
        ssl_ciphers HIGH:+MEDIUM;
        ssl_prefer_server_ciphers on;
        ssl_crl /var/lib/puppet/ssl/crl.pem;
        ssl_verify_client optional;
        ssl_verify_depth 1;
        ssl_session_cache shared:SSL:8m;
        ssl_session_timeout 5m;
        server_name puppet;

        location / {
            proxy_pass http://puppet-production;
            proxy_redirect off;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Client-Verify $ssl_client_verify;
            proxy_set_header X-Client-DN $ssl_client_s_dn;
            proxy_set_header X-SSL-Subject $ssl_client_s_dn;
            proxy_set_header X-SSL-Issuer $ssl_client_i_dn;
            proxy_read_timeout 65;
        }
    }

--
Jeff McCune
http://www.puppetlabs.com/
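
Added example, not part of the thread and not Puppet's own code: a Ruby version of the check a Rack backend behind the stanza above has to make on the X-Client-Verify and X-Client-DN headers. With ssl_verify_client set to optional, requests without a client certificate still reach the backend, so the node name is trusted only when the verify header is exactly SUCCESS. The function names, the CN character whitelist and the sample requests are assumptions.

```ruby
# Added example, not Puppet's implementation. Rack exposes the proxied
# header "X-Client-Verify" to the application as HTTP_X_CLIENT_VERIFY.
VERIFY_KEY = "HTTP_X_CLIENT_VERIFY"
DN_KEY     = "HTTP_X_CLIENT_DN"

# Pull the CN out of a subject DN in either the slash-separated form
# ("/C=US/CN=host") or the comma-separated form ("CN=host,C=US").
def common_name(dn)
  return nil if dn.nil? || dn.empty?
  parts = dn.start_with?("/") ? dn.split("/") : dn.split(/\s*,\s*/)
  cns = parts.map(&:strip).select { |p| p =~ /\ACN=/i }
  return nil unless cns.length == 1        # missing or ambiguous CN
  name = cns.first.sub(/\ACN=/i, "").downcase
  # Assumed whitelist: hostname characters only.
  name =~ /\A[a-z0-9._-]+\z/ ? name : nil
end

# Node name to authorize as, or nil when the request is unauthenticated.
def authenticated_node(env)
  # Exact match: "NONE", "FAILED", "FAILED:<reason>" and a missing header
  # must all be treated as no client certificate.
  return nil unless env[VERIFY_KEY] == "SUCCESS"
  common_name(env[DN_KEY])
end

# Constructed sample requests (hypothetical host names).
SAMPLES = [
  { VERIFY_KEY => "SUCCESS", DN_KEY => "/CN=agent01.example.com" },
  { VERIFY_KEY => "NONE",    DN_KEY => "/CN=agent01.example.com" },
  { VERIFY_KEY => "SUCCESS", DN_KEY => "CN=Agent02.Example.com,O=Example" },
  { VERIFY_KEY => "SUCCESS" },
]

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each { |env| puts "#{env.inspect} -> #{authenticated_node(env).inspect}" }
end
```

The backend port should accept connections only from the nginx front end, since anything that can reach it directly can set these headers itself.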