Darren Worrall
2010-Aug-10 16:22 UTC
[Puppet Users] 403 after changing from webrick to mongrel
Hey folks,
We''re on the verge of deploying puppet into production so have changed
from using webrick to mongrel with an apache reverse proxy. The nodes
were behind a NAT firewall under webrick but it didnt seem to mind,
however something isnt right with my reverse proxy configuration and I
cant figure out what.
Clients can connect, have their certificate signed ok, but when it
try''s to retrieve the catalog we get:
Error 403 on SERVER: Forbidden request: router.x.x.x(1.1.1.1) - IE,
the NAT device local to the puppetmaster, rather than the node name.
puppetmaster is configured with ssl_client_header = HTTP_X_CLIENT_DN,
and apache is setting that header to the S_DN ( RequestHeader set X-
Client-DN %{SSL_CLIENT_S_DN}e ) - does the fact that the reverse
lookup of the nat router does not match the fqdn of the node matter in
this configuration? It didn''t with webrick.
Cheers,
Darren
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.