On 6/21/18 5:53 AM, jcbollinger wrote:
On Wednesday, June 20, 2018 at 7:54:20 AM UTC-5, Jakov Sosic wrote:
Hi guys,
[root@host ~]# cat /etc/puppetlabs/puppetserver/conf.d/webserver.conf
webserver: {
access-log-config: /etc/puppetlabs/puppetserver/request-logging.xml
client-auth: want
ssl-host: 0.0.0.0
ssl-port: 8140
}
I wonder if it's possible, and if yes, how, to set ssl-host to two
IP addreses / interfaces?
I don't want puppet to listen on 0.0.0.0, cause I have 3 interfaces.
To the best of my knowledge, your options are
* bind to /all/ of the machine's addresses
* bind to one specific address
* run multiple puppetserver instances
If you want to exclude one interface out of several then perhaps it
would be easier to handle that at a different level. For example, let
puppetserver bind to all addresses, but use your firewall to block
service at those addresses where you don't want to receive catalog requests.
John
I had a slightly different use case, but ended up putting Apache in
front of Puppetserver to get the same behavior.
https://puppet.com/docs/puppetserver/5.3/external_ssl_termination.html
Ramin
--
You received this message because you are subscribed to the Google Groups "Puppet
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/411d73ad-da98-1283-da40-856bbb469d90%40badapple.net.
For more options, visit https://groups.google.com/d/optout.
