
Untitled

a guest
Jan 7th, 2013
  1. nginx.conf
  2.  
  # Backend pool for the Puppet master; proxy_pass in the server block below
  # refers to it by name.
  upstream puppet-master {
      # Single backend on the loopback interface, port 8140.
      server 127.0.0.1:8140;
  }
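  # TLS front end for the Puppet master: accepts agent connections on 443,
  # checks client certificates against the Puppet CA certificate, and forwards
  # every request to the "puppet-master" upstream with the verification result
  # and certificate names passed along in request headers.
  server {
      server_name puppet-master.example.com;
      #default_type application/octet-stream;
      sendfile on;
      tcp_nopush on;
      keepalive_timeout 65;
      tcp_nodelay on;

      listen 443;
      ssl on;

      # NOTE(review): this file name ends in ".example.pem" while server_name
      # and the private key below use "puppet-master.example.com". Confirm the
      # path points at the master's own CA-signed certificate. A wrong
      # certificate here would be consistent with the agent's
      # "certificate verify failed" error, though other causes are possible.
      ssl_certificate /etc/puppet/ssl/certs/puppet-master.example.pem;
      ssl_certificate_key /etc/puppet/ssl/private_keys/puppet-master.example.com.pem;

      # CA used to verify agent certificates.
      ssl_client_certificate /etc/puppet/ssl/ca/ca_crt.pem;
      # NOTE(review): while the CRL stays commented out, a revoked agent
      # certificate still verifies successfully. Re-enable once the file exists.
      #ssl_crl /etc/puppet/ssl/ca/ca_crl.pem;

      # Was "SSLv2:-LOW:-EXPORT:DHE-RSA-AES256-SHA", which opens the list with
      # the SSLv2 cipher suites. HIGH still includes DHE-RSA-AES256-SHA and
      # excludes anonymous and MD5-based suites.
      ssl_ciphers HIGH:!aNULL:!MD5;
      ssl_session_cache shared:SSL:8m;
      ssl_session_timeout 5m;

      # "optional" lets clients connect without a certificate, so the backend
      # must be told the real outcome of verification (see X-Client-Verify).
      ssl_verify_client optional;

      root /var/empty;
      access_log /var/log/nginx/access-puppet.log;

      types { }
      default_type application/x-raw;

      location / {
          # NOTE(review): the backend only gets value from the X-Client-Verify
          # and X-SSL-* headers if it is configured to trust them from this
          # proxy and agents cannot reach it directly. Confirm for this setup.
          proxy_pass https://puppet-master;
          proxy_redirect off;
          proxy_set_header Host $host;
          proxy_set_header X-Real-IP $remote_addr;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          # Pass the actual result (SUCCESS, FAILED:reason or NONE). A
          # hard-coded SUCCESS combined with "ssl_verify_client optional" would
          # report unauthenticated clients to the backend as verified.
          proxy_set_header X-Client-Verify $ssl_client_verify;
          proxy_set_header X-SSL-Subject $ssl_client_s_dn;
          proxy_set_header X-SSL-Issuer $ssl_client_i_dn;
          proxy_read_timeout 65;
      }
  }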
  40.  
  41.  
  42. puppet client :
  43.  
  44. [...]
  45. err: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
  46. [...]