OpenStack Object Storage (swift)

how to setup keystone and Swift with https (updated)

Asked by ning_zhang

Is there any document on how to setup keystone and Swift with https/ssl ?

I follow the link here (http://keystone.openstack.org/configuringservices.html), but it seems only work for http. Plus, I google the keyword "keystone swift https" or "keystone swift ssl", but could not find any useful information.

Please let me know if you happen to know how to setup keystone and Swift with https/ssl.

Thanks,

======================================================================================================

Sorry, ,my intention is to ask: how to let proxy server to accept the https requests from the user application ? I think this may involve some updates on the keystone configuration and proxy-server.conf

Question information

Language:
English Edit question
Status:
Answered
For:
OpenStack Object Storage (swift) Edit question
Assignee:
No assignee Edit question
Last query:
Last reply:
Revision history for this message
Chmouel Boudjnah (chmouel) said : 		#1

So which part you are asking about, to have keystone as ssl or swift as ssl (or the auth middleware as ssl) ?

Revision history for this message
ning_zhang (ning) said : 		#2

Sorry, ,my intention is to ask: how to let proxy server to accept the https requests from the user application ? I think this may involve some updates on the keystone configuration and proxy-server.conf

Revision history for this message
Chmouel Boudjnah (chmouel) said : 		#3

On swift proxy we advise to use a software or hardware ssl LB. For software LB pound would do SSL for you and you just bind it in front of your Swift proxy.

For keystone you can have keystone run under Apache+mod_ssl see documentation here: http://adam.younglogic.com/2012/04/keystone-httpd/

For the auth middleware it just a matter to run auth_protocol=https configuration variable.

These guys have written a guide for configuring OpenStack services (including the one you are listing) http://cssoss.wordpress.com/, hopefully this should wrap up everything together for you.

There is no step by step howto AFAIK so you probably want to do some digging (and document it after ;))

Can you help with this problem?

Provide an answer of your own, or ask ning_zhang for more information if necessary.

To post a message you must log in.