On Friday, May 27, 2016 21:10 CEST, Sebastian Reitenbach <[email protected]> wrote:
> CVSROOT: /cvs > Module name: ports > Changes by: [email protected] 2016/05/27 13:10:39 > > Modified files: > sysutils/ruby-puppet/3: Makefile > Added files: > sysutils/ruby-puppet/3/patches: > > patch-lib_puppet_network_http_rack_rest_rb > patch-lib_puppet_ssl_certificate_rb > > Log message: > Make trusted facts work with the webrick server as well as make them > available when using ruby unicorn behind apache or nginx. > > Using unicorn behind apache you need to add header: > > RequestHeader set X-SSL-Client-Cert %{SSL_CLIENT_CERT}e > > Using unicorn behind nginx, you need to run nginx-lua flavor, then > you need: > > location / { > > set_by_lua $client_cert "return ngx.var.ssl_client_raw_cert:gsub('\\n',' ')"; To actually allow clients to push a CSR, you need this in the lua snippet: set_by_lua $client_cert "if ngx.var.ssl_client_raw_cert then return ngx.var.ssl_client_raw_cert:gsub('\\n',' ') end"; > > proxy_set_header X-SSL-Client-Cert $client_cert; > > } > > OK jasper@ (MAINTAINER)
