On 8 June 2010 10:06, Jomo <zhan...@gmail.com> wrote:
> It works well when I use webrick. The config of nginx is from puppet
> wiki, some logs is below, what's wrong?
>
I suspect that it relates to the use of HTTP headers and Puppet not knowing
who the client is from it's certificate.
The wiki documentation assumes that you're launching puppetmasterd with the
argument `--ssl_client_header=HTTP_X_SSL_SUBJECT`. It does so in order to
maintain configuration compatibility with Pound. But personally, I don't use
Pound and prefer to keep Puppet as vanilla as possible. The following
(exclusive) `proxy_set_header` directives work fine under for me:
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Client_DN $ssl_client_s_dn;
proxy_set_header X-Client-Verify $ssl_client_verify;
You don't mention what version of Nginx you're using. They'll need adjusting
suitably for <0.8.x
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
