I'm working on configuring External TLS/SSL termination using an nginx reverse proxy following instructions here: https://puppet.com/docs/puppet/6/server/external_ssl_termination.html I'm running opensource puppetserver 6.
Has anyone set up two separate webservers on the same puppetserver (example: http: 8141; https: 8140) and successfully configured separate auth.conf for each port? My use-case is that my existing agents are talking to the default puppetserver at 8140. But I want some of my systems existing outside the local network, to connect to the nginx reverse proxy on 443 which gets forwarded to puppetserver:8141. Currently the nginx reverse proxy is authenticating the agents, and then forwarding the traffic and headers to http 8141 that I configured on puppetserver/conf.d/webserver.conf. The trapperkeeper servers start fine on 8140(default) and 8141. But 8141 doesn't appear to have the routes or an auth.conf. When configuring the routes in web-routes.conf, I can't seem to set identical routes but for different servers. It gives either a default: key missing or not route-id error. My envisioned configuration is .. connect to 443 -> get forwarded to 8141 w/ authenticated headers, and external systems get the puppet instructions. Internally agents still connect to 8140 over https and all works without any changes. Is this supported or doable using the same puppetserver in this way? -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/30a3249f-defc-4f3d-bad1-8ae154f7ff83n%40googlegroups.com.
