I see, that is the "passenger_set_cgi_param" which was missing. I was
using "proxy_set_header" and that was not working. And clearly my
config.ru was missing a lot too, and I had to make symlinks and stuff
to point to my Puppet installation dirs.

Thanks a lot,
Alex

On 13 Dec, 22:14, windowsrefund <windowsref...@gmail.com> wrote:
> nginx bits...
>
> server {
>   server_name puppet;
>   listen 8140 default ssl;
>   client_max_body_size 10M;
>   passenger_enabled on;
>   passenger_set_cgi_param HTTP_X_CLIENT_DN $ssl_client_s_dn;
>   passenger_set_cgi_param HTTP_X_CLIENT_VERIFY $ssl_client_verify;
>   root /opt/nginx/html/puppet-production/public;
>   ssl_certificate /etc/puppet/ssl/certs/puppet.pem;
>   ssl_certificate_key /etc/puppet/ssl/private_keys/puppet.pem;
>   ssl_crl /etc/puppet/ssl/ca/ca_crl.pem;
>   ssl_client_certificate /etc/puppet/ssl/certs/ca.pem;
>   ssl_protocols SSLv3 TLSv1;
>   ssl_ciphers HIGH:+MEDIUM;
>   ssl_prefer_server_ciphers on;
>   ssl_verify_client optional;
>   ssl_verify_depth 1;
>   ssl_session_cache shared:SSL:128m;
>   ssl_session_timeout 5m;
>
> }
>
> passenger bits (config.ru)...
>
> $0 = "puppetmasterd"
> require 'puppet'
>
> ARGV << "--rack"
> ARGV << "--confdir=/etc/puppet.production"
> ARGV << "--vardir=/var/puppet.production"
> ARGV << "--reportdir=/var/puppet.production/reports"
> ARGV << "--ssldir=/etc/puppet/ssl"
> # These must name the parameters set by passenger_set_cgi_param in the nginx block
> ARGV << "--ssl_client_header=HTTP_X_CLIENT_DN"
> ARGV << "--ssl_client_verify_header=HTTP_X_CLIENT_VERIFY"
>
> require 'puppet/application/puppetmasterd'
> run Puppet::Application[:puppetmasterd].run
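
nginx hands the client DN and verification result to Puppet under the names given to passenger_set_cgi_param, and Puppet reads the keys named by --ssl_client_header and --ssl_client_verify_header, so the two sides have to agree or every agent is treated as unauthenticated. The following is an added example, not code from either poster, that checks this agreement; the function names and sample inputs are constructed for illustration.

```ruby
# Added example: function names and sample input are constructed for illustration.
# Puppet's defaults for the two settings, used when config.ru does not override them.
DEFAULTS = {
  'ssl_client_header'        => 'HTTP_X_CLIENT_DN',
  'ssl_client_verify_header' => 'HTTP_X_CLIENT_VERIFY'
}.freeze

# nginx variable each Puppet setting must ultimately be fed from.
EXPECTED_SOURCE = {
  'ssl_client_header'        => '$ssl_client_s_dn',
  'ssl_client_verify_header' => '$ssl_client_verify'
}.freeze

# Map of CGI parameter name => nginx variable, ignoring commented-out lines.
def cgi_params(nginx_conf)
  active = nginx_conf.each_line.reject { |l| l.strip.start_with?('#') }.join
  active.scan(/passenger_set_cgi_param\s+(\S+)\s+([^\s;]+)\s*;/).to_h
end

# Map of Puppet setting => value from ARGV << "--name=value" lines in config.ru.
def puppet_flags(config_ru)
  config_ru.scan(/ARGV\s*<<\s*["']--(\w+)=([^"']+)["']/).to_h
end

# Returns a list of problems; an empty list means nginx and Puppet agree.
def header_mismatches(nginx_conf, config_ru)
  params = cgi_params(nginx_conf)
  flags  = puppet_flags(config_ru)
  EXPECTED_SOURCE.map do |setting, variable|
    key = flags.fetch(setting, DEFAULTS[setting])
    if !params.key?(key)
      "#{setting}=#{key} is never set by passenger_set_cgi_param"
    elsif params[key] != variable
      "#{key} is set from #{params[key]}, expected #{variable}"
    end
  end.compact
end

# Constructed samples: one nginx fragment, one config.ru with overrides, one without.
NGINX = <<~'CONF'
  passenger_set_cgi_param HTTP_X_CLIENT_DN $ssl_client_s_dn;
  passenger_set_cgi_param HTTP_X_CLIENT_VERIFY $ssl_client_verify;
CONF
RU_OVERRIDE = <<~'RUBY'
  ARGV << "--ssl_client_header=SSL_CLIENT_S_DN"
  ARGV << "--ssl_client_verify_header=SSL_CLIENT_VERIFY"
RUBY
RU_DEFAULT = %(ARGV << "--rack"\n)
puts header_mismatches(NGINX, RU_OVERRIDE)
```

With the override sample the check reports both settings as unset by nginx; with the default sample it reports nothing.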
