[Openstack] [Barbican] HTTPS Connection Question

Miller, Mark M (EB SW Cloud - R&D - Corvallis) mark.m.miller at hp.com
Fri Mar 14 21:50:35 UTC 2014


Hello,

I have successfully configured Barbican with the Apache2 server using WSGI and added Keystone authentication. In both scenarios the connections to/from Apache2 and to/from Keystone have been secured using HTTPS. There are no lingering insecure HTTP network connections.

https://github.com/cloudkeep/barbican/wiki/Integration-with-Apache2

Regards,

Mark Miller

From: Douglas Mendizabal [mailto:douglas.mendizabal at RACKSPACE.COM]
Sent: Tuesday, March 04, 2014 2:47 PM
To: Miller, Mark M (EB SW Cloud - R&D - Corvallis); Ferreira, Rafael; Remo Mattei; Wyllys Ingersoll; openstack at lists.openstack.org
Subject: Re: [Openstack] [Barbican] HTTPS Connection Question

Hi Mark,

I hope I can answer your questions:

1. HTTP support should be provided by the web server used to host barbican, not by barbican itself.  The files where you noticed the “protocol = http” settings are uwsgi configuration files the Barbican team uses to run Barbican using uwsgi during development.  The settings are just default development settings, and should be tuned to your particular situation.  You can find more information about uwsgi config options on their official documentation. [1]  In particular, you may be interested in enabling HTTPS support documentation. [2]

2. As I mentioned above, the dev team uses uwsgi to run Barbican, however there are no dependencies on uwsgi built into barbican.  This means that, in theory, you should be able to run Barbican using Apache + mod_uwsgi, or Nginx + gunicorn, or any other web server capable of hosting a WSGI app.  That said, we have not actually built environments with alternative web servers, so we don’t currently have any documentation on how to set that up.   If you decide to deploy Barbican using Apache, we’d love to hear about your experience and help out in any way we can (join us at #openstack-barbican on Freenode).  I would encourage you to contribute to our documentation wiki if you are successful.

Regards,
-Doug Mendizabal

[1] http://uwsgi-docs.readthedocs.org/en/latest/Options.html
[2] http://uwsgi-docs.readthedocs.org/en/latest/HTTPS.html?highlight=ssl#https-support-from-1-3


From: <Miller>, "Mark M (EB SW Cloud - R&D - Corvallis)" <mark.m.miller at hp.com<mailto:mark.m.miller at hp.com>>
Date: Tuesday, March 4, 2014 at 12:44 PM
To: "Ferreira, Rafael" <raf at io.com<mailto:raf at io.com>>, Remo Mattei <remo at italy1.com<mailto:remo at italy1.com>>, Wyllys Ingersoll <wyllys.ingersoll at evault.com<mailto:wyllys.ingersoll at evault.com>>, "openstack at lists.openstack.org<mailto:openstack at lists.openstack.org>" <openstack at lists.openstack.org<mailto:openstack at lists.openstack.org>>
Subject: Re: [Openstack] [Barbican] HTTPS Connection Question

Hello,

I’ve been digging and digging and I have not been able to locate the following information:


1.      Does Barbican provide support for HTTPS connections to it? I noticed  “protocol=http” in several .ini files and a .conf file, but no information on how to configure Barbican to use it.

2.      The quickstart wiki shows how to install Barbican behind the uwsgi server. Is it possible to install Barbican behind Apache2? Is there any documentation or example configuration guides?

Thanks,

Mark


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20140314/b5c8823e/attachment.html>


More information about the Openstack mailing list