Are you sure you want to be using the passenger_set_cgi_param nginx directive and not proxy_set_header?
The problem definitely seems to be Puppet not picking up the values that should be set in the HTTP_X_CLIENT_VERIFY and HTTP_X_CLIENT_DN request headers. -Jeff On Thu, Jul 12, 2012 at 7:34 AM, Jon Jaroker <goo...@jaroker.com> wrote: > > Hello, I have been stumped by an authentication / certificate problem > and would like to know if anyone has resolved a similar issue. > > My fresh install of Puppet Master 2.7.18 on Debian 6 works normally > when run standalone, using 'puppet master --verbose --no-daemonize'. > > When using nginx-passenger in front of the same puppet master, puppet > fails with the authentication error: '… Forbidden request … access > to /file_metadata/plugins [find] at line 57' > > This failure occurs on the same node that had successfully connected > to Puppet Master when it was run standalone. > > The full log errors are here: http://pastebin.com/KH8Pyyw3 > > I can work-around this authentication error by appending 'allow *' for > 'path /' in the puppet master's auth.conf file. > > Here is the Puppet Master auth.conf file I am using: > http://pastebin.com/Ju0ke3rP > > I don't think this workaround is correct: the default authentication > policy should not allow access to un-authenticated nodes. > > Here is my nginx.conf file: http://pastebin.com/q7HMuAZ0 > > Here is the config.ru configuration file: http://pastebin.com/1aCdsTJE > > Does anyone see what I am doing wrong? I have already tried deleting > and recreating certificates for the agent and master. > > Thank you, > Jon > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
