My working setup: puppet.conf [master] section has the following:
> # Passenger SSL envvars > ssl_client_header = SSL_CLIENT_S_DN > ssl_client_verify_header = SSL_CLIENT_VERIFY applicable parts of nginx.conf: > env PATH > [...] > http { > [...] > > passenger_root /usr/lib/ruby/gems/1.8/gems/passenger-3.0.2; > passenger_ruby /usr/bin/ruby; > > server { > listen 8140; > server_name _; > > access_log /var/log/nginx/puppetmaster.log; > error_log /var/log/nginx/puppetmaster_error.log; > > ssl on; > ssl_certificate /var/lib/puppet/ssl/certs/[PUPPETMASTERFQDN].pem; > ssl_certificate_key > /var/lib/puppet/ssl/private_keys/[PUPPETMASTERFQDN].pem; > ssl_client_certificate /var/lib/puppet/ssl/ca/ca_crt.pem; > ssl_crl /var/lib/puppet/ssl/ca/ca_crl.pem; > ssl_protocols SSLv3 TLSv1; > ssl_ciphers ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP; > ssl_verify_client optional; > > root /etc/puppet/rack/public; > passenger_enabled on; > passenger_min_instances 2; > > passenger_set_cgi_param SSL_CLIENT_S_DN $ssl_client_s_dn; > passenger_set_cgi_param SSL_CLIENT_VERIFY $ssl_client_verify; > } No custom config.ru stuff here, just ARGV << "--rack". Eric -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.