nginx proxy_pass to puppetmaster

asked 2017-04-20 02:35:46 -0500

kluntje gravatar image

Hi,

I want to use nginx to proxy_pass puppet client requests to my puppet master.

My config:

upstream puppetmaster  {
    server 192.168.3.10:8140; # 


}


server {
    listen       192.168.3.200:8140;
    server_name puppetmaster.mydom.de;
    ssl on;
    ssl_certificate         /etc/nginx/ssl/puppet.crt;
    ssl_certificate_key     /etc/nginx/ssl/puppet.key;
    ssl_client_certificate  /etc/nginx/ssl/puppet.ca-crt;
    ssl_crl                 /etc/nginx/ssl/puppet.ca_crl;
    ssl_verify_client       optional;

    access_log  /var/log/nginx/puppetmaster.ssl.log;
    error_log  /var/log/nginx/puppetmaster.ssl.err.log;

    root   /srv/www/htdocs;
    index  index.html index.htm;


    location / {

            proxy_pass  https://puppetmaster;
    proxy_set_header    Host             $host;
    proxy_set_header    X-Real-IP        $remote_addr;
    proxy_set_header    X-Forwarded-For  $proxy_add_x_forwarded_for;
    proxy_set_header    X-Client-Verify  $ssl_client_verify;
    proxy_set_header    X-SSL-Subject    $ssl_client_s_dn;
    proxy_set_header    X-SSL-Issuer     $ssl_client_i_dn;
            proxy_redirect      off;
    }


}

But I got this error:

Warning: Unable to fetch my node definition, but the agent run will continue: Warning: Error 403 on SERVER: {"message":"Not Authorized: Forbidden request: /puppet/v3/node/myhostname [find]","issuekind":"RUNTIMEERROR"}

Any ideas?

edit retag flag offensive close merge delete