Sorry for the late answer, my provider had a downtime this weekend.

>> Tough call. There is no such thing as a "transparent SSL proxy" afaik,
>> because without decrypting requests, the proxy cannot make any header
>> based decisions.
>>
>> This may well be a dead end then.
> 
> Ah.  See below for a different idea then.
> 
>> If such an approach is at all possible, the complete implementation
>> would include giving the proxy the means to recognize valid client
>> certificates.
> 
> The proxy can and is recognizing valid certificates.  The problem is passing 
> that information on to the puppetmaster because I really don't know how to do 
> that.  I also don't know exactly which headers the puppetmaster uses.
> 
> I'm thinking that if I do this, I need to remove the SSL from the file server 
> VirtualHost and just pass the information directly through.

Hm, no good. This is just the "transparent SSL proxying" I'm afraid is
not at all possible (at least while still making use of the request URI
to decide on the backend HTTP server).

>> Even if this should work - is it worth all that hassle?
> 
> This is a much better question.  I'm going to work on it a little more though.

The weird thing is: This might as well work, because you proxy pass to
https://localhost...
That means that your proxy actually reencrypts the requests (or should
do that, at least).

Are you seeing requests at the backend Apache now?
Does puppet show any reaction to that?

Are you performing basic tests using wget on distinct URLs that should
be served by this setup?

Regards,
Felix
