[openstack-dev] [TripleO] proxying SSL traffic for API requests

stuart.mclaren at hp.com
Wed Mar 26 13:14:20 UTC 2014


All,

I know there's a preference for using a proxy to terminate
SSL connections rather than using the native python code.

There's a good write-up of configuring the various proxies here:

http://docs.openstack.org/security-guide/content/ch020_ssl-everywhere.html

If we're not using native python SSL termination in TripleO we'll
need to pick which one of these would be a reasonable choice for
initial https support.

Pound may be a good choice -- it's lightweight (6,000 lines of C),
easy to configure and gives good control over the SSL connections (ciphers etc).
Plus, we've experience with pushing large (GB) requests through it.

I'm interested if others have a strong preference for one of the other
options (stud, nginx, apache) and if so, what are the reasons you feel it
would make a better choice for a first implementation.

Thanks,

-Stuart


