openstack team mailing list archive

Re: Do we need SSL on nova-api ports?

 

On 04/25/2011 12:47 PM, Kirill Shileev wrote:
Hi all,
Recently, while playing with libcloud against a private OpenStack installation,
we realized that ports 8773 and 8774, on which openstack-nova-api listens,
expect plain HTTP.
This is something that is rarely allowed in production installations.

We bypass the problem by providing an stunnel proxy for those ports.
Although it is the fastest solution, it does not look satisfactory from a
long-term perspective.
Hence the proposal:
https://blueprints.launchpad.net/nova/+spec/openstack-api-ssl

There are no details so far, but the main idea is to change the
default so that nova-api
listens for SSL-encoded transport.

The other option would be to make this configurable, although I am not sure why
and where plain HTTP might be justified.

Any thoughts, comments?

--
Best regards,
Kirill Shileev
Senior software engineer
www.GridDynamics.com <http://www.GridDynamics.com>
+7 495 787 49 44 office




Kirill

Are you at the OpenStack Conference? Your SSL question is one of the things I would like to discuss in the discussion session I registered, http://openstack-spring2011.sched.org/event/4bb755f74fa7528bb5a0ccd20805ec0c

Edward

