[openstack-dev] [devstack] on stud replacement for tls-proxy option on Ubuntu Xenial
Masanori Itoh
masanori.itoh at gmail.com
Sat Sep 3 04:30:13 UTC 2016
Hello Clark,
Thanks!
I also had a look at the fix.
It eliminates 'stud' usage and replace it by apache2/mod_ssl, right?
But, there are use cases like:
- use apache2/mod_wsgi for better performance
and
- have an out-of-the-box SSL terminator (box)
Also, we have 'USE_TLS' option enabling to terminate SSL by apache2/mod_ssl.
So, I think it's better to leave 'tls-proxy' using a non-apache SSL
terminater like 'stud' or 'hitch'
as an option for the use case above.
My fix is like that.
What do you think about?
Thanks in advance,
Masanori
On Sat, Sep 3, 2016 at 7:24 AM, Clark Boylan <cboylan at sapwetik.org> wrote:
> On Fri, Sep 2, 2016, at 10:50 AM, Masanori Itoh wrote:
>> Hello,
>>
>> Recently, I noticed that on Ubuntu Xenial 'stud' for tls-proxy option
>> is no longer available and replaced by 'hitch'.
>>
>> I filed a bug report and proposed a fix.
>>
>> https://bugs.launchpad.net/devstack/+bug/1613071
>> https://review.openstack.org/#/c/355253/
>>
>> Ian gave me +1, and could anyone else review my fix?
>>
>>
>> BTW, I noticed there are some more issues around devstack keystone
>> support. I'll continue working on them.
>
> There is also https://review.openstack.org/#/c/364013/ which just uses
> apache (which should be just about everywhere and is already used by
> devstack) to terminate ssl.
>
> Clark
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
More information about the OpenStack-dev
mailing list