I think the best starting point is to read this article:

It explains the entire process. You could use squid to intercept incoming
requests, decrypt, then reencrypt with backend headers.
On Monday, August 20, 2012 10:09:21 AM UTC-7, opoplawski wrote:

What I ended up doing is setting up a second passenger config that only
accepts connections from the proxy. This config does *not* set "SSLOption
+StdEnvVars" and instead sets the SSL_CLIENT* variables based on the proxy
headers. It also is configured to only accept authenticated connections
from the proxy.
On Friday, August 17, 2012 5:00:08 PM UTC-6, opoplawski wrote:

I've configured our DMZ apache webserver to proxy connections from our
roaming users into our internal puppet master running under
passenger/apache. Everything is pretty much working but because I am using
SSL between the proxy server and the puppet master, the master treats the
connection as authenticated as the proxy. My current work around is to
allow access to all catalog and node items to the proxy server in
auth.conf. I'd like to try to get the master to use the ssl authentication
information passed by the proxy as the authentication for the connection
but so far have been completely unsuccessful. Does anyone know how this
can be done? I've been poking around the code a bit but I haven't been
able to find out where the authenticated host information comes from, and
I've unable to modify anything in the apache configuration to change this.


You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/hoFU_yD0aYIJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.

Search Discussions

Discussion Posts


Related Discussions

Discussion Navigation
viewthread | post
posts ‹ prev | 5 of 5 | next ›
Discussion Overview
grouppuppet-users @
postedAug 17, '12 at 11:02p
activeAug 20, '12 at 6:17p

3 users in discussion

Opoplawski: 3 posts Kp-v: 1 post Calvin Walton: 1 post



site design / logo © 2022 Grokbase