My working setup:
puppet.conf [master] section has the following:
> # Passenger SSL envvars
> ssl_client_header = SSL_CLIENT_S_DN
> ssl_client_verify_header = SSL_CLIENT_VERIFY
applicable parts of nginx.conf:
> env PATH;
>
[...]
> http {
>
[...]
>
> passenger_root /usr/lib/ruby/gems/1.8/gems/passenger-3.0.2;
> passenger_ruby /usr/bin/ruby;
>
> server {
> listen 8140;
> server_name _;
>
> access_log /var/log/nginx/puppetmaster.log;
> error_log /var/log/nginx/puppetmaster_error.log;
>
> ssl on;
> ssl_certificate /var/lib/puppet/ssl/certs/[PUPPETMASTERFQDN].pem;
> ssl_certificate_key /var/lib/puppet/ssl/private_keys/[PUPPETMASTERFQDN].pem;
> ssl_client_certificate /var/lib/puppet/ssl/ca/ca_crt.pem;
> ssl_crl /var/lib/puppet/ssl/ca/ca_crl.pem;
> ssl_protocols SSLv3 TLSv1;
> ssl_ciphers ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP;
> ssl_verify_client optional;
>
> root /etc/puppet/rack/public;
> passenger_enabled on;
> passenger_min_instances 2;
>
> passenger_set_cgi_param SSL_CLIENT_S_DN $ssl_client_s_dn;
> passenger_set_cgi_param SSL_CLIENT_VERIFY $ssl_client_verify;
> }
No custom config.ru stuff here, just ARGV << "--rack".
Eric
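
An added example, not part of the message above: a small Python check that the header names in the puppet.conf [master] section match the passenger_set_cgi_param lines in nginx.conf. With ssl_verify_client optional, nginx also forwards requests that carry no verified certificate, so the master depends on these two values to tell verified agents from unverified ones. The function names and sample strings are constructed for illustration.

```python
import re

# Constructed inputs mirroring the settings quoted in the post above.
PUPPET_CONF = """[master]
ssl_client_header = SSL_CLIENT_S_DN
ssl_client_verify_header = SSL_CLIENT_VERIFY
"""
NGINX_CONF = """server {
    ssl_verify_client optional;
    passenger_set_cgi_param SSL_CLIENT_S_DN $ssl_client_s_dn;
    passenger_set_cgi_param SSL_CLIENT_VERIFY $ssl_client_verify;
}
"""
# puppet.conf setting -> nginx variable that must feed the named CGI param
EXPECTED = {"ssl_client_header": "$ssl_client_s_dn",
            "ssl_client_verify_header": "$ssl_client_verify"}

def master_settings(text):
    """Key/value pairs from the [master] section of a puppet.conf."""
    settings, section = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("["):
            section = line.strip("[]")
        elif section == "master" and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            settings[key] = value
    return settings

def directives(text):
    """(name, args) per nginx directive; block braces act as separators."""
    flat = re.sub(r"#[^\n]*", "", text).replace("{", ";").replace("}", ";")
    return [(w[0], w[1:]) for w in (s.split() for s in flat.split(";")) if w]

def check(puppet_text, nginx_text):
    """Return a list of problems; an empty list means the two files agree."""
    master, found = master_settings(puppet_text), directives(nginx_text)
    cgi = {a[0]: a[1] for n, a in found
           if n == "passenger_set_cgi_param" and len(a) == 2}
    problems = []
    for setting, variable in EXPECTED.items():
        name = master.get(setting)
        if name is None:
            problems.append(f"puppet.conf [master] does not set {setting}")
        elif cgi.get(name) != variable:
            problems.append(f"nginx does not pass {variable} as {name}")
    verify = [a for n, a in found if n == "ssl_verify_client"]
    if not verify or verify[-1] not in (["optional"], ["on"]):
        problems.append("ssl_verify_client is not 'optional' or 'on'")
    return problems
```

Calling check(PUPPET_CONF, NGINX_CONF) returns an empty list for the sample; pass the text of the real files to check a deployed master.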