[openstack-dev] [TripleO] proxying SSL traffic for API requests

stuart.mclaren at hp.com stuart.mclaren at hp.com
Wed Mar 26 13:49:10 UTC 2014

• Previous message: [openstack-dev] [TripleO] proxying SSL traffic for API requests
• Next message: [openstack-dev] [TripleO] proxying SSL traffic for API requests
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---

Just spotted the openstack-ssl element which uses 'stunnel'...
On 2014年3月26日, stuart.mclaren at hp.com wrote:
> All,
>> I know there's a preference for using a proxy to terminate
> SSL connections rather than using the native python code.
>> There's a good write up of configuring the various proxies here:
>> http://docs.openstack.org/security-guide/content/ch020_ssl-everywhere.html
>> If we're not using native python SSL termination in TripleO we'll
> need to pick which one of these would be a reasonable choice for
> initial https support.
>> Pound may be a good choice -- its lightweight (6,000 lines of C),
> easy to configure and gives good control over the SSL connections (ciphers 
> etc).
> Plus, we've experience with pushing large (GB) requests through it.
>> I'm interested if others have a strong preference for one of the other
> options (stud, nginx, apache) and if so, what are the reasons you feel it
> would make a better choice for a first implementation.
>> Thanks,
>> -Stuart
>

---

• Previous message: [openstack-dev] [TripleO] proxying SSL traffic for API requests
• Next message: [openstack-dev] [TripleO] proxying SSL traffic for API requests
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---

More information about the OpenStack-dev mailing list