Hi,
want to use nginx to proxy_pass the clientrequest to my puppetmaster.
This is my config:
upstream puppetmaster {
server 192.168.3.10:8140; #
}
server {
listen 192.168.3.200:8140;
server_name puppetmaster.mydom.de;
ssl on;
ssl_certificate /etc/nginx/ssl/puppet.crt;
ssl_certificate_key /etc/nginx/ssl/puppet.key;
ssl_client_certificate /etc/nginx/ssl/puppet.ca-crt;
ssl_crl /etc/nginx/ssl/puppet.ca_crl;
ssl_verify_client optional;
access_log /var/log/nginx/puppetmaster.ssl.log;
error_log /var/log/nginx/puppetmaster.ssl.err.log;
root /srv/www/htdocs;
index index.html index.htm;
location / {
proxy_pass https://puppetmaster;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Client-Verify $ssl_client_verify;
proxy_set_header X-SSL-Subject $ssl_client_s_dn;
proxy_set_header X-SSL-Issuer $ssl_client_i_dn;
proxy_redirect off;
}
}
I got this error:
Warning: Unable to fetch my node definition, but the agent run will continue:
Warning: Error 403 on SERVER: {"message":"Not Authorized: Forbidden request: /puppet/v3/node/myhostname [find]","issue_kind":"RUNTIME_ERROR"}
I have no idea what the problem is.
thx
snoop
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
The configuration of your server block is most likely why you’re receiving errors.
With your current configuration, you’re listening on the same port that your proxying, so the request doesn’t actually get passed through to your application.
A standard setup would be to listen on ports 80 (HTTP) and 443 (HTTPS) and then proxy to request to your application.
If we modify your configuration to use that sort of setup, it’d look something like this:
upstream puppetmaster {
server 192.168.3.10:8140;
}
server {
listen 80;
server_name puppetmaster.mydom.de;
return 301 https://$host$request_uri;
}
server {
listen 443;
server_name puppetmaster.mydom.de;
ssl on;
ssl_certificate /etc/nginx/ssl/puppet.crt;
ssl_certificate_key /etc/nginx/ssl/puppet.key;
ssl_client_certificate /etc/nginx/ssl/puppet.ca-crt;
ssl_crl /etc/nginx/ssl/puppet.ca_crl;
ssl_verify_client optional;
access_log /var/log/nginx/puppetmaster.ssl.log;
error_log /var/log/nginx/puppetmaster.ssl.err.log;
root /srv/www/htdocs;
index index.html index.htm;
location / {
proxy_pass http://puppetmaster;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Client-Verify $ssl_client_verify;
proxy_set_header X-SSL-Subject $ssl_client_s_dn;
proxy_set_header X-SSL-Issuer $ssl_client_i_dn;
proxy_redirect off;
}
}
What the above does is accept requests on Port 80 (standard HTTP port), redirect them to 443 (HTTPS), and once the request is received, proxies it to port 8140 (your application).
So what that boils down to is, requests to puppetmaster.mydom.de get redirected to https://puppetmaster.mydom.de which then proxies to your application.
https://puppetmaster.mydom.de will be the access point and your application would then handle the requests.
Of course, this is just an example using your configuration.
Become a contributor for community
Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.
DigitalOcean Documentation
Full documentation for every DigitalOcean product.
Resources for startups and AI-native businesses
The Wave has everything you need to know about building a business, from raising funding to marketing your product.
The developer cloud
Scale up as you grow — whether you're running one virtual machine or ten thousand.
Get started for free
Sign up and get $200 in credit for your first 60 days with DigitalOcean.*
*This promotional offer applies to new accounts only.