Ah yes, that was probably the issue, forgot to sue a2enmod for rewriterule! Appreciate your input on this.
-Zane On Tue, Mar 12, 2013 at 9:40 PM, Ken Barber <[email protected]> wrote: > Great! I'm more of a fan of RewriteRule because when you're mixing it > with rewrites the ordering is more obvious, but in this case ProxyPass > works well enough. Looks like you're using Debian, do you have to use > a2enmod perhaps to get RewriteRule to work? > > Either way thanks for sharing the config that works for you. > > ken. > > On Tue, Mar 12, 2013 at 9:11 PM, Zane Williamson > <[email protected]> wrote: > > Good call. The advice was wise! I had some issues using RewriteEngine > > (probably how I have Apache setup), but instead with with ProxyPass and > it > > is working well. > > > > <VirtualHost *:80> > > ProxyPass / http://localhost:8080/ > > <Location /> > > AuthType basic > > AuthName "Restrited Files" > > AuthBasicProvider file > > AuthUserFile /etc/apache2/passw > > Require valid-user > > </Location> > > </VirtualHost> > > > > On Tuesday, March 12, 2013 10:40:01 AM UTC-7, Ken Barber wrote: > >> > >> I think most people are implementing either an Apache or NGinx proxy > >> in front of PuppetDB for this purpose. > >> > >> For Apache, should be pretty easy to do with proxy based RewriteRule's > >> in Apache, and within the same virtualhost definition you should be > >> able to enforce authentication. For example: > >> > >> <VirtualHost *:80> > >> RewriteEngine on > >> RewriteRule /(.*) http://localhost:8080/$1 [P,L] > >> > >> <Location /> > >> AuthType Basic > >> AuthName "Restricted Files" > >> AuthBasicProvider file > >> AuthUserFile /etc/httpd/basic.pwd > >> Require user ken > >> </Location> > >> </VirtualHost> > >> > >> This is at least a start anyway. More custom redirections and handling > >> can be rolled obviously. > >> > >> ken. > >> > >> On Tue, Mar 12, 2013 at 8:50 AM, Zane Williamson > >> <[email protected]> wrote: > >> > Hi All, > >> > > >> > Has anyone figured out a nice way to restrict user access to > puppetdb's > >> > http > >> > web interface? Such as a .htaccess method or something similar? I > >> > would > >> > prefer something along > >> > those lines instead of setting up firewall rules. > >> > > >> > -Zane > >> > > >> > -- > >> > You received this message because you are subscribed to the Google > >> > Groups > >> > "Puppet Users" group. > >> > To unsubscribe from this group and stop receiving emails from it, send > >> > an > >> > email to [email protected]. > >> > To post to this group, send email to [email protected]. > >> > Visit this group at http://groups.google.com/group/puppet-users?hl=en > . > >> > For more options, visit https://groups.google.com/groups/opt_out. > >> > > >> > > > > > -- > > You received this message because you are subscribed to the Google Groups > > "Puppet Users" group. > > To unsubscribe from this group and stop receiving emails from it, send an > > email to [email protected]. > > To post to this group, send email to [email protected]. > > Visit this group at http://groups.google.com/group/puppet-users?hl=en. > > For more options, visit https://groups.google.com/groups/opt_out. > > > > > > -- > You received this message because you are subscribed to a topic in the > Google Groups "Puppet Users" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/puppet-users/ibkfqZHEAdY/unsubscribe?hl=en > . > To unsubscribe from this group and all its topics, send an email to > [email protected]. > To post to this group, send email to [email protected]. > Visit this group at http://groups.google.com/group/puppet-users?hl=en. > For more options, visit https://groups.google.com/groups/opt_out. > > > -- Zane -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
