<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Aug 19, 2016 at 5:34 PM, John Dickinson <span dir="ltr"><<a href="mailto:me@not.mn" target="_blank">me@not.mn</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class=""><br>
<br>
On 17 Aug 2016, at 15:27, Nick Papadonis wrote:<br>
<br>
> comments<br>
><br>
> On Wed, Aug 17, 2016 at 4:53 PM, Matthew Thode <<a href="mailto:prometheanfire@gentoo.org">prometheanfire@gentoo.org</a>><br>
> wrote:<br>
><br>
>> On 08/17/2016 03:52 PM, Nick Papadonis wrote:<br>
>><br>
>>> Thanks for the quick response!<br>
>>><br>
>>> Glance worked for me in Mitaka. I had to specify 'chunked transfers'<br>
>>> and increase the size limit to 5GB. I had to pull some of the WSGI<br>
>>> source from glance and alter it slightly to call from Apache.<br>
>>><br>
>>> I saw that Nova claims mod_wsgi is 'experimental'. Interested in it's<br>
>>> really experimental or folks use it in production.<br>
>>><br>
>>> Nick<br>
>><br>
>> ya, cinder is experimental too (at least in my usage) as I'm using<br>
>> python3 as well :D For me it's a case of having to test the packages I<br>
>> build.<br>
>><br>
>><br>
> I converted Cinder to mod_wsgi because from what I recall, I found that SSL<br>
> support was removed from the Eventlet server. Swift endpoint outputs a log<br>
> warning that Eventlet SSL is only for testing purposes, which is another<br>
> reason why I turned to mod_wsgi for that.<br>
<br>
</span>FWIW, most prod Swift deployments I know of use HAProxy or stud to terminate TLS before forwarding the http stream to a proxy endpoint (local or remote). Especially when combined with a server that has AES-NI, this gives good performance.</blockquote><div><br></div><div>Thanks. I'd be interested if anyone has done a performance comparison of HAProxy vs mod_wsgi to terminate. </div></div></div></div>