On 8 June 2010 10:06, Jomo <zhan...@gmail.com> wrote: > It works well when I use webrick. The config of nginx is from puppet > wiki, some logs is below, what's wrong? >
I suspect that it relates to the use of HTTP headers and Puppet not knowing who the client is from it's certificate. The wiki documentation assumes that you're launching puppetmasterd with the argument `--ssl_client_header=HTTP_X_SSL_SUBJECT`. It does so in order to maintain configuration compatibility with Pound. But personally, I don't use Pound and prefer to keep Puppet as vanilla as possible. The following (exclusive) `proxy_set_header` directives work fine under for me: proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Client_DN $ssl_client_s_dn; proxy_set_header X-Client-Verify $ssl_client_verify; You don't mention what version of Nginx you're using. They'll need adjusting suitably for <0.8.x -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.