Bug #28696
Updated by Justin Sherrill about 5 years ago
The following configuration needs to occur Currently the pulp3_content_url set in order for katello /etc/foreman-proxy/settings.d/pulp3.yml points to properly connect https://HOSTNAME/pulp/contnet/ but the intent was to point to the content app serving a docker registry: <pre> <Location /pulpcore_registry/v2/> SSLRequire %{SSL_CLIENT_S_DN_CN} eq "admin" </Location> ProxyPass /pulpcore_registry/v2/ http://127.0.0.1:24816/v2/ ProxyPassReverse /pulpcore_registry/v2 http://127.0.0.1:24816/v2 </pre> Note, hostname/port that this requires this PR to actually work in its available at internally. This allows katello https://github.com/Katello/katello/pull/8499 The idea behind this change is that katello will use its own pulp client certs to authenticate with the /pulpcore_registry/ endpoint which will require a signed cert with a CN of 'admin'. It will then proxy the request through registry requests to the pulp content app app. So for example, we currently expect it to point to http://localhost:24816/