On Tue, Dec 27, 2011 at 2:11 PM, andi abes <[email protected]> wrote: > Does the swift proxy enforce SSL connections if it's configured with a > cert/key file? Or is it assumed that there's an external entity performing > that?
The Swift proxy's SSL support is probably only useful for light testing - SSL in python (and especially with eventlet) has historically been slow and subtly broken. But basically the way it works, it's either in SSL mode or non-SSL mode. If you configure cert and key files, it switches to SSL mode. In a production environment, I'd suggest putting a reverse proxy like Pound in front of Swift to terminate SSL. Depending on your environment, it may also be a good idea to run that on separate hardware. That can get SSL termination CPU usage off the proxies, and provide all the usual benefits of load balancing like being able to remove proxy servers from rotation without downtime. -Michael _______________________________________________ Mailing list: https://launchpad.net/~openstack Post to : [email protected] Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
