Using this module to deploy puppetexplorer on host that's not puppetdb

[treydock]

In my infrastructure my PuppetDB host is only available on our private LAN. I would like to deploy puppetexplorer on our dedicated web server, but am unsure exactly how the necessary headers mentioned in the documentation would be setup using this module. Any examples of how this would be deployed to a separate server that's not hosting puppetdb?

Thanks,

• Trey

[dalen]

Basically you would need to either have a proxy that exposes the necessary parts of the API (the query parts, not the commands endpoint) from the PuppetDB host without authentication.

Or you would need to configure the apache proxy on the puppet explorer host to do SSL auth against puppetDB. This should be possible using http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxymachinecertificatefile and http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycacertificatefile

But then you would need a SSL cert that is valid for authenticating against PuppetDB, which normally the puppet agent SSL cert would be.

Currently there is no support for doing this in the module apart from configuring it using a custom_fragment to the apache::vhost. But it would be good if we could automate this properly.

[treydock]

@dalen, thanks for the information. Would it be possible to install puppetexplorer using the module supported method on the PuppetDB host then ProxyPass (or some other Apache method) all connections from a web server to puppetexplorer? I'm trying to find a way to utilize Puppetexplorer in the way best supported (on PuppetDB host) but still keeping my PuppetDB host from our public LAN.

[AlexeiKlimenko]

Hello. Have you resolve this issue?