nginx proxy_pass to puppetmaster

Hi,

I want to use nginx to proxy_pass puppet client requests to my puppet master.

My config:

upstream puppetmaster {
server 192.168.3.10:8140; #
}
server {
listen 192.168.3.200:8140;
server_name puppetmaster.mydom.de;
ssl on;
ssl_certificate /etc/nginx/ssl/puppet.crt;
ssl_certificate_key /etc/nginx/ssl/puppet.key;
ssl_client_certificate /etc/nginx/ssl/puppet.ca-crt;
ssl_crl /etc/nginx/ssl/puppet.ca_crl;
ssl_verify_client optional;

access_log /var/log/nginx/puppetmaster.ssl.log;
error_log /var/log/nginx/puppetmaster.ssl.err.log;

root /srv/www/htdocs;
index index.html index.htm;


location / {

proxy_pass https://puppetmaster;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Client-Verify $ssl_client_verify;
proxy_set_header X-SSL-Subject $ssl_client_s_dn;
proxy_set_header X-SSL-Issuer $ssl_client_i_dn;
proxy_redirect off;
}
}


My clients get this error message:

Warning: Unable to fetch my node definition, but the agent run will continue:
Warning: Error 403 on SERVER: {"message":"Not Authorized: Forbidden request: /puppet/v3/node/myhostname [find]","issue_kind":"RUNTIME_ERROR"}


Can anybody help me?

thx