[openstack-dev] [TripleO] proxying SSL traffic for API requests

stuart.mclaren at hp.com stuart.mclaren at hp.com
Wed Mar 26 13:14:20 UTC 2014


I know there's a preference for using a proxy to terminate
SSL connections rather than using the native python code.

There's a good write up of configuring the various proxies here:


If we're not using native python SSL termination in TripleO we'll
need to pick which one of these would be a reasonable choice for
initial https support.

Pound may be a good choice -- its lightweight (6,000 lines of C),
easy to configure and gives good control over the SSL connections (ciphers etc).
Plus, we've experience with pushing large (GB) requests through it.

I'm interested if others have a strong preference for one of the other
options (stud, nginx, apache) and if so, what are the reasons you feel it
would make a better choice for a first implementation.



More information about the OpenStack-dev mailing list