Hey folks,
We're on the verge of deploying puppet into production so have changed
from using webrick to mongrel with an apache reverse proxy. The nodes
were behind a NAT firewall under webrick but it didnt seem to mind,
however something isnt right with my reverse proxy configuration and I
cant figure out what.
Clients can connect, have their certificate signed ok, but when it
try's to retrieve the catalog we get:
Error 403 on SERVER: Forbidden request: router.x.x.x(1.1.1.1) - IE,
the NAT device local to the puppetmaster, rather than the node name.
puppetmaster is configured with ssl_client_header = HTTP_X_CLIENT_DN,
and apache is setting that header to the S_DN ( RequestHeader set X-
Client-DN %{SSL_CLIENT_S_DN}e ) - does the fact that the reverse
lookup of the nat router does not match the fqdn of the node matter in
this configuration? It didn't with webrick.
Cheers,
Darren
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
