[Openstack] [Barbican] HTTPS Connection Question
Douglas Mendizabal
douglas.mendizabal at RACKSPACE.COM
Wed Mar 19 18:30:50 UTC 2014
Hello Mark,
I apologize for the late reply. Just wanted to say thanks for adding this
to the wiki. We really appreciate your contribution to the project! :)
-Doug
From: <Miller>, "Mark M (EB SW Cloud - R&D - Corvallis)"
<mark.m.miller at hp.com>
Date: Friday, March 14, 2014 at 4:50 PM
To: Douglas Mendizabal <douglas.mendizabal at rackspace.com>, "Ferreira,
Rafael" <raf at io.com>, Remo Mattei <remo at italy1.com>, Wyllys Ingersoll
<wyllys.ingersoll at evault.com>, "openstack at lists.openstack.org"
<openstack at lists.openstack.org>
Subject: RE: [Openstack] [Barbican] HTTPS Connection Question
Hello,
I have successfully configured Barbican with the Apache2 server using WSGI
and added Keystone authentication. In both scenarios the connections to/from
Apache2 and to/from Keystone have been secured using HTTPS. There are no
lingering insecure HTTP network connections.
https://github.com/cloudkeep/barbican/wiki/Integration-with-Apache2
Regards,
Mark Miller
From: Douglas Mendizabal [mailto:douglas.mendizabal at RACKSPACE.COM]
Sent: Tuesday, March 04, 2014 2:47 PM
To: Miller, Mark M (EB SW Cloud - R&D - Corvallis); Ferreira, Rafael; Remo
Mattei; Wyllys Ingersoll; openstack at lists.openstack.org
Subject: Re: [Openstack] [Barbican] HTTPS Connection Question
Hi Mark,
I hope I can answer your questions:
1. HTTP support should be provided by the web server used to host barbican,
not by barbican itself. The files where you noticed the “protocol = http”
settings are uwsgi configuration files the Barbican team uses to run
Barbican using uwsgi during development. The settings are just default
development settings, and should be tuned to your particular situation. You
can find more information about uwsgi config options on their official
documentation. [1] In particular, you may be interested in enabling HTTPS
support documentation. [2]
2. As I mentioned above, the dev team uses uwsgi to run Barbican, however
there are no dependencies on uwsgi built into barbican. This means that, in
theory, you should be able to run Barbican using Apache + mod_uwsgi, or
Nginx + gunicorn, or any other web server capable of hosting a WSGI app.
That said, we have not actually built environments with alternative web
servers, so we don’t currently have any documentation on how to set that up.
If you decide to deploy Barbican using Apache, we’d love to hear about your
experience and help out in any way we can (join us at #openstack-barbican on
Freenode). I would encourage you to contribute to our documentation wiki if
you are successful.
Regards,
-Doug Mendizabal
[1] http://uwsgi-docs.readthedocs.org/en/latest/Options.html
[2]
http://uwsgi-docs.readthedocs.org/en/latest/HTTPS.html?highlight=ssl#https-s
upport-from-1-3
From: <Miller>, "Mark M (EB SW Cloud - R&D - Corvallis)"
<mark.m.miller at hp.com>
Date: Tuesday, March 4, 2014 at 12:44 PM
To: "Ferreira, Rafael" <raf at io.com>, Remo Mattei <remo at italy1.com>, Wyllys
Ingersoll <wyllys.ingersoll at evault.com>, "openstack at lists.openstack.org"
<openstack at lists.openstack.org>
Subject: Re: [Openstack] [Barbican] HTTPS Connection Question
Hello,
I’ve been digging and digging and I have not been able to locate the
following information:
1. Does Barbican provide support for HTTPS connections to it? I noticed
“protocol=http” in several .ini files and a .conf file, but no information
on how to configure Barbican to use it.
2. The quickstart wiki shows how to install Barbican behind the uwsgi
server. Is it possible to install Barbican behind Apache2? Is there any
documentation or example configuration guides?
Thanks,
Mark
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20140319/7a2f348f/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5660 bytes
Desc: not available
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20140319/7a2f348f/attachment.bin>
More information about the Openstack
mailing list