[openstack-dev] [TripleO] proxying SSL traffic for API requests

stuart.mclaren at hp.com stuart.mclaren at hp.com
Wed Mar 26 13:49:10 UTC 2014

Just spotted the openstack-ssl element which uses 'stunnel'...

On Wed, 26 Mar 2014, stuart.mclaren at hp.com wrote:

> All,
> I know there's a preference for using a proxy to terminate
> SSL connections rather than using the native python code.
> There's a good write up of configuring the various proxies here:
> http://docs.openstack.org/security-guide/content/ch020_ssl-everywhere.html
> If we're not using native python SSL termination in TripleO we'll
> need to pick which one of these would be a reasonable choice for
> initial https support.
> Pound may be a good choice -- its lightweight (6,000 lines of C),
> easy to configure and gives good control over the SSL connections (ciphers 
> etc).
> Plus, we've experience with pushing large (GB) requests through it.
> I'm interested if others have a strong preference for one of the other
> options (stud, nginx, apache) and if so, what are the reasons you feel it
> would make a better choice for a first implementation.
> Thanks,
> -Stuart

More information about the OpenStack-dev mailing list