- From: Janne Liuhtonen
- To:
- Subject: [chef] Authentication errors for requests through Apache HTTPS proxy
- Date: Tue, 15 May 2012 11:52:55 +0300
Hi,
I'm trying to proxy the connection to chef-server with Apache and
mod_proxy. The proxy seems to work, I get the Chef server API front
page displayed correctly and for example "knife client list" works.
Uploading new data or updating existing data however doesn't work and
I'm getting 403 errors. Example:
$ knife role from file roles/base.rb
ERROR: You authenticated successfully to https://my.chef.server.com as liuhtonen but you are not authorized for this action
Response: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /roles/base
on this server.</p>
</body></html>
or with verbose output:
$ knife role from file roles/base.rb -VV
DEBUG: Using configuration from /home/liuhtonen/.chef/knife.rb
DEBUG: Signing the request as liuhtonen
DEBUG: Sending HTTP Request via PUT to my.chef.server.com:443/roles/base
/usr/lib/ruby/1.8/net/http.rb:2105:in `error!': 403 "Forbidden" (Net::HTTPServerException)
from /usr/lib/ruby/gems/1.8/gems/chef-0.10.8/lib/chef/rest.rb:245:in `api_request'
from /usr/lib/ruby/gems/1.8/gems/chef-0.10.8/lib/chef/rest.rb:296:in `retriable_rest_request'
from /usr/lib/ruby/gems/1.8/gems/chef-0.10.8/lib/chef/rest.rb:226:in `api_request'
from /usr/lib/ruby/gems/1.8/gems/chef-0.10.8/lib/chef/rest.rb:130:in `put_rest'
from /usr/lib/ruby/gems/1.8/gems/chef-0.10.8/lib/chef/role.rb:282:in `save'
from /usr/lib/ruby/gems/1.8/gems/chef-0.10.8/lib/chef/knife/role_from_file.rb:41:in `run'
from /usr/lib/ruby/gems/1.8/gems/chef-0.10.8/lib/chef/knife/role_from_file.rb:38:in `each'
from /usr/lib/ruby/gems/1.8/gems/chef-0.10.8/lib/chef/knife/role_from_file.rb:38:in `run'
from /usr/lib/ruby/gems/1.8/gems/chef-0.10.8/lib/chef/knife.rb:391:in `run_with_pretty_exceptions'
from /usr/lib/ruby/gems/1.8/gems/chef-0.10.8/lib/chef/knife.rb:166:in `run'
from /usr/lib/ruby/gems/1.8/gems/chef-0.10.8/lib/chef/application/knife.rb:128:in `run'
from /usr/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/knife:25
from /usr/bin/knife:19:in `load'
from /usr/bin/knife:19
Apache configuration:
<VirtualHost *:443>
ServerName my.chef.server.com
DocumentRoot /usr/lib64/ruby/gems/1.8/gems/chef-server-api-0.10.8/public
SSLEngine on
SSLCertificateFile /etc/certs/chef/chef-server.crt
SSLCertificateKeyFile /etc/certs/chef/chef-server.key
RequestHeader set X_FORWARDED_PROTO 'https'
AllowEncodedSlashes on
RewriteEngine on
RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
RewriteRule ^/(.*)$ http://127.0.0.1:4000/$1 [P]
ErrorLog logs/chef_error_log
TransferLog logs/chef_access_log
LogLevel info
</VirtualHost>
Using chef server with port 4000 directly works without any problems.
Any clues what might cause this?