[Openstack] Do we need SSL on nova-api ports?
Edward Konetzko
konetzed at quixoticagony.com
Tue Apr 26 17:52:51 UTC 2011
On 04/25/2011 12:47 PM, Kirill Shileev wrote:
> Hi all,
> Recently, playing with libcloud against a private openstack installation
> we realized that 8773 and 8774 ports listened by openstack-nova-api
> expect plain HTTP.
> This is something that is rarely allowed in production installations.
>
> We bypass the problem by providing stunnel proxy for those ports.
> Although, the fastest solution, it does not look satisfactory from the
> long term perspective.
> Hence the proposal:
> https://blueprints.launchpad.net/nova/+spec/openstack-api-ssl
>
> There is no any details so far, but the main idea is to change the
> default with nova-api
> to listen for SSL encoded transport.
>
> Other option would be making this configurable, although not sure why
> and where the plain HTTP might be justified.
>
> Any thoughts, comments?
>
> --
> Best regards,
> Kirill Shileev
> Senior software engineer
> www.GridDynamics.com <http://www.GridDynamics.com>
> +7 495 787 49 44 office
>
>
>
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack at lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help : https://help.launchpad.net/ListHelp
Kirill
Are you at the Openstack Confernece? Your ssl question is one of the
things I would like to discuss in the discussion session I registered,
http://openstack-spring2011.sched.org/event/4bb755f74fa7528bb5a0ccd20805ec0c
Edward
More information about the Openstack
mailing list