Puppet users - Dec 2011 - Does someone have a working config of nginx+passenger for Puppet

Hi,
I tried to adapt the Apache+Passenger donc on the PuppetLabs wiki for
use with nginx+passenger, but something is not working maybe i do not
set the http headers correctly. Did someone made it work ? Can you
share it ? Or is it already posted on the wiki (i did not find so
far) ?

Please don''t ask me why i don''t simply use Apache, this is
because i
use nginx+passenger for another webapp, and best would be to just plug
Puppet to the already running Passenger

Thanks

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

nginx bits...

server {
  server_name puppet;
  listen 8140 default ssl;
  client_max_body_size 10M;
  passenger_enabled on;
  passenger_set_cgi_param HTTP_X_CLIENT_DN $ssl_client_s_dn;
  passenger_set_cgi_param HTTP_X_CLIENT_VERIFY $ssl_client_verify;
  root /opt/nginx/html/puppet-production/public;
  ssl_certificate /etc/puppet/ssl/certs/puppet.pem;
  ssl_certificate_key /etc/puppet/ssl/private_keys/puppet.pem;
  ssl_crl /etc/puppet/ssl/ca/ca_crl.pem;
  ssl_client_certificate /etc/puppet/ssl/certs/ca.pem;
  ssl_protocols SSLv3 TLSv1;
  ssl_ciphers HIGH:+MEDIUM;
  ssl_prefer_server_ciphers on;
  ssl_verify_client optional;
  ssl_verify_depth 1;
  ssl_session_cache shared:SSL:128m;
  ssl_session_timeout 5m;
}


passenger bits (config.ru)...

$0 = "puppetmasterd"
require ''puppet''

ARGV << "--rack"
ARGV << "--confdir=/etc/puppet.production"
ARGV << "--vardir=/var/puppet.production"
ARGV << "--reportdir=/var/puppet.production/reports"
ARGV << "--ssldir=/etc/puppet/ssl"
ARGV << "--ssl_client_header=SSL_CLIENT_S_DN"
ARGV << "--ssl_client_verify_header=SSL_CLIENT_VERIFY"

require ''puppet/application/puppetmasterd''
run Puppet::Application[:puppetmasterd].run

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

I see, that is the "passenger_set_cgi_param" which was missing. I was
using "proxy_set_header" and that was not working. And clearly my
config.ru was missing a lot too, and i had to make symlinks and stuff
to point to my Puppet installation dirs

Thanks a lot,
Alex

On 13 déc, 22:14, windowsrefund <windowsref...@gmail.com>
wrote:
> nginx bits...
>
> server {
>   server_name puppet;
>   listen 8140 default ssl;
>   client_max_body_size 10M;
>   passenger_enabled on;
>   passenger_set_cgi_param HTTP_X_CLIENT_DN $ssl_client_s_dn;
>   passenger_set_cgi_param HTTP_X_CLIENT_VERIFY $ssl_client_verify;
>   root /opt/nginx/html/puppet-production/public;
>   ssl_certificate /etc/puppet/ssl/certs/puppet.pem;
>   ssl_certificate_key /etc/puppet/ssl/private_keys/puppet.pem;
>   ssl_crl /etc/puppet/ssl/ca/ca_crl.pem;
>   ssl_client_certificate /etc/puppet/ssl/certs/ca.pem;
>   ssl_protocols SSLv3 TLSv1;
>   ssl_ciphers HIGH:+MEDIUM;
>   ssl_prefer_server_ciphers on;
>   ssl_verify_client optional;
>   ssl_verify_depth 1;
>   ssl_session_cache shared:SSL:128m;
>   ssl_session_timeout 5m;
>
> }
>
> passenger bits (config.ru)...
>
> $0 = "puppetmasterd"
> require ''puppet''
>
> ARGV << "--rack"
> ARGV << "--confdir=/etc/puppet.production"
> ARGV << "--vardir=/var/puppet.production"
> ARGV << "--reportdir=/var/puppet.production/reports"
> ARGV << "--ssldir=/etc/puppet/ssl"
> ARGV << "--ssl_client_header=SSL_CLIENT_S_DN"
> ARGV << "--ssl_client_verify_header=SSL_CLIENT_VERIFY"
>
> require ''puppet/application/puppetmasterd''
> run Puppet::Application[:puppetmasterd].run
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.