On 6/21/18 5:53 AM, jcbollinger wrote:
On Wednesday, June 20, 2018 at 7:54:20 AM UTC-5, Jakov Sosic wrote:
Hi guys,
[root@host ~]# cat /etc/puppetlabs/puppetserver/conf.d/webserver.conf
webserver: {
access-log-config: /etc/puppetlabs/puppetserver/request-logging.xml
client-auth: want
ssl-host: 0.0.0.0
ssl-port: 8140
}
I wonder if it's possible, and if yes, how, to set ssl-host to two
IP addreses / interfaces?
I don't want puppet to listen on 0.0.0.0, cause I have 3 interfaces.
To the best of my knowledge, your options are
* bind to /all/ of the machine's addresses
* bind to one specific address
* run multiple puppetserver instances
If you want to exclude one interface out of several then perhaps it
would be easier to handle that at a different level. For example, let
puppetserver bind to all addresses, but use your firewall to block
service at those addresses where you don't want to receive catalog requests.
John
I had a slightly different use case, but ended up putting Apache in
front of Puppetserver to get the same behavior.
https://puppet.com/docs/puppetserver/5.3/external_ssl_termination.html
Ramin
--
You received this message because you are subscribed to the Google Groups "Puppet
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/411d73ad-da98-1283-da40-856bbb469d90%40badapple.net.
For more options, visit https://groups.google.com/d/optout.
