We have to deal with running hosts within our clients’ networks where our only access out is through HTTP proxies. Problem is, many proxies by default don’t allow access to non-standard ports (anything except 80 and 443). As such, accessing the puppet-master on 8140 fails. This is a pain, but we have no control over it.
How can I run Foreman’s puppet-master on 443?
I’m running Foreman within AWS, so I tried adding a load balancer on 443 that targeted the puppet-master on 8140. But I think this fails because the puppet-agents somehow check the cert of the master, not the load balancer.
I have thought about running Foreman only on port 80, and then putting a load balancer in front of that on a different address with its own SSL certificate, but I see the Foreman Apache setup is designed to handle client certificates. So that would break. But I’m not sure if that’s a problem for my situation. If Foreman’s not running on 443 then I could run the puppet-master on 443 (or just pipe 443 to 8140).
I could also run another puppet-master on a separate host, and run that one on 443. But I’m not sure how then to set hosts that Foreman creates to use the alternate puppet-master and the 443 port instead of 8140.
I just don’t know enough about the restrictions / requirements for Foreman and Puppet with SSL to be able to know what is a viable option.
Any suggestions or pointers appreciated.
I can see this was asked a few years ago: “Configure puppet-master on 443 rather then 8140”. But there was no response.
Thanks in advance.