[openstack-dev] [TripleO] proxying SSL traffic for API requests
stuart.mclaren at hp.com
stuart.mclaren at hp.com
Wed Mar 26 13:49:10 UTC 2014
Just spotted the openstack-ssl element which uses 'stunnel'...
On Wed, 26 Mar 2014, stuart.mclaren at hp.com wrote:
> All,
>
> I know there's a preference for using a proxy to terminate
> SSL connections rather than using the native python code.
>
> There's a good write up of configuring the various proxies here:
>
> http://docs.openstack.org/security-guide/content/ch020_ssl-everywhere.html
>
> If we're not using native python SSL termination in TripleO we'll
> need to pick which one of these would be a reasonable choice for
> initial https support.
>
> Pound may be a good choice -- its lightweight (6,000 lines of C),
> easy to configure and gives good control over the SSL connections (ciphers
> etc).
> Plus, we've experience with pushing large (GB) requests through it.
>
> I'm interested if others have a strong preference for one of the other
> options (stud, nginx, apache) and if so, what are the reasons you feel it
> would make a better choice for a first implementation.
>
> Thanks,
>
> -Stuart
>
More information about the OpenStack-dev
mailing list