It works well when I use webrick. The config of nginx is from puppet wiki, some logs is below, what's wrong?
puppet version:0.25.4 client: ... ... debug: /File[/var/lib/puppet/ssl/certs/ca.pem]: Autorequiring File[/ var/lib/puppet/ssl/certs] debug: /File[/var/lib/puppet/state/state.yaml]: Changing mode debug: /File[/var/lib/puppet/state/state.yaml]: 1 change(s) debug: /File[/var/lib/puppet/state/state.yaml]/mode: mode changed '640' to '660' debug: Finishing transaction -609821268 with 1 changes debug: Using cached certificate for ca, good until Sat Jun 06 06:20:50 UTC 2015 debug: Using cached certificate for client, good until Sat Jun 06 07:57:22 UTC 2015 debug: Loaded state in 0.00 seconds debug: Using cached certificate for ca, good until Sat Jun 06 06:20:50 UTC 2015 debug: Using cached certificate for client, good until Sat Jun 06 07:57:22 UTC 2015 debug: Using cached certificate_revocation_list for ca, good until debug: catalog supports formats: b64_zlib_yaml marshal pson raw yaml; using pson err: Could not retrieve catalog from remote server: Error 403 on SERVER: Forbidden request: client access to /catalog/client [find] at line 0 warning: Not using cache on failed catalog err: Could not retrieve catalog; skipping run master: ... ... debug: No modules mount given; autocreating with default permissions debug: No path given for plugins mount; creating a special PluginMount debug: Creating interpreter debug: Finishing transaction -610695708 with 0 changes debug: Finishing transaction -610697798 with 0 changes info: Inserting default '~ ^/catalog/([^/]+)$'(auth) acl because /etc/ puppet/auth.conf doesn't exist info: Inserting default '/file'(non-auth) acl because /etc/puppet/ auth.conf doesn't exist info: Inserting default '/certificate_revocation_list/ca'(auth) acl because /etc/puppet/auth.conf doesn't exist info: Inserting default '/report'(auth) acl because /etc/puppet/ auth.conf doesn't exist info: Inserting default '/certificate/ca'(non-auth) acl because /etc/ puppet/auth.conf doesn't exist info: Inserting default '/certificate/'(non-auth) acl because /etc/ puppet/auth.conf doesn't exist info: Inserting default '/certificate_request'(non-auth) acl because / etc/puppet/auth.conf doesn't exist info: access[/]: defaulting to no access for client warning: Denying access: Forbidden request: client access to /catalog/ client[find] at line 0 /usr/lib/ruby/1.8/puppet/network/rights.rb:79:in `fail_on_deny' /usr/lib/ruby/1.8/puppet/network/rest_authconfig.rb:36:in `allowed?' /usr/lib/ruby/1.8/puppet/network/rest_authorization.rb:21:in `check_authorization' /usr/lib/ruby/1.8/puppet/network/http/handler.rb:66:in `process' /usr/lib/ruby/1.8/mongrel.rb:159:in `process_client' /usr/lib/ruby/1.8/mongrel.rb:158:in `each' /usr/lib/ruby/1.8/mongrel.rb:158:in `process_client' /usr/lib/ruby/1.8/mongrel.rb:285:in `run' /usr/lib/ruby/1.8/mongrel.rb:285:in `initialize' /usr/lib/ruby/1.8/mongrel.rb:285:in `new' /usr/lib/ruby/1.8/mongrel.rb:285:in `run' /usr/lib/ruby/1.8/mongrel.rb:268:in `initialize' /usr/lib/ruby/1.8/mongrel.rb:268:in `new' /usr/lib/ruby/1.8/mongrel.rb:268:in `run' /usr/lib/ruby/1.8/puppet/network/http/mongrel.rb:22:in `listen' /usr/lib/ruby/1.8/puppet/network/server.rb:131:in `listen' /usr/lib/ruby/1.8/puppet/network/server.rb:146:in `start' /usr/lib/ruby/1.8/puppet/daemon.rb:128:in `start' /usr/lib/ruby/1.8/puppet/application/puppetmasterd.rb:122:in `main' /usr/lib/ruby/1.8/puppet/application.rb:226:in `send' /usr/lib/ruby/1.8/puppet/application.rb:226:in `run_command' /usr/lib/ruby/1.8/puppet/application.rb:217:in `run' /usr/lib/ruby/1.8/puppet/application.rb:306:in `exit_on_fail' /usr/lib/ruby/1.8/puppet/application.rb:217:in `run' /usr/sbin/puppetmasterd:66 err: Forbidden request: client access to /catalog/client [find] at line 0 -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.