Hello Mark, I apologize for the late reply. Just wanted to say thanks for adding this to the wiki. We really appreciate your contribution to the project! :)
-Doug From: <Miller>, "Mark M (EB SW Cloud - R&D - Corvallis)" <mark.m.mil...@hp.com> Date: Friday, March 14, 2014 at 4:50 PM To: Douglas Mendizabal <douglas.mendiza...@rackspace.com>, "Ferreira, Rafael" <r...@io.com>, Remo Mattei <r...@italy1.com>, Wyllys Ingersoll <wyllys.ingers...@evault.com>, "openstack@lists.openstack.org" <openstack@lists.openstack.org> Subject: RE: [Openstack] [Barbican] HTTPS Connection Question Hello, I have successfully configured Barbican with the Apache2 server using WSGI and added Keystone authentication. In both scenarios the connections to/from Apache2 and to/from Keystone have been secured using HTTPS. There are no lingering insecure HTTP network connections. https://github.com/cloudkeep/barbican/wiki/Integration-with-Apache2 Regards, Mark Miller From: Douglas Mendizabal [mailto:douglas.mendiza...@rackspace.com] Sent: Tuesday, March 04, 2014 2:47 PM To: Miller, Mark M (EB SW Cloud - R&D - Corvallis); Ferreira, Rafael; Remo Mattei; Wyllys Ingersoll; openstack@lists.openstack.org Subject: Re: [Openstack] [Barbican] HTTPS Connection Question Hi Mark, I hope I can answer your questions: 1. HTTP support should be provided by the web server used to host barbican, not by barbican itself. The files where you noticed the “protocol = http” settings are uwsgi configuration files the Barbican team uses to run Barbican using uwsgi during development. The settings are just default development settings, and should be tuned to your particular situation. You can find more information about uwsgi config options on their official documentation. [1] In particular, you may be interested in enabling HTTPS support documentation. [2] 2. As I mentioned above, the dev team uses uwsgi to run Barbican, however there are no dependencies on uwsgi built into barbican. This means that, in theory, you should be able to run Barbican using Apache + mod_uwsgi, or Nginx + gunicorn, or any other web server capable of hosting a WSGI app. That said, we have not actually built environments with alternative web servers, so we don’t currently have any documentation on how to set that up. If you decide to deploy Barbican using Apache, we’d love to hear about your experience and help out in any way we can (join us at #openstack-barbican on Freenode). I would encourage you to contribute to our documentation wiki if you are successful. Regards, -Doug Mendizabal [1] http://uwsgi-docs.readthedocs.org/en/latest/Options.html [2] http://uwsgi-docs.readthedocs.org/en/latest/HTTPS.html?highlight=ssl#https-s upport-from-1-3 From: <Miller>, "Mark M (EB SW Cloud - R&D - Corvallis)" <mark.m.mil...@hp.com> Date: Tuesday, March 4, 2014 at 12:44 PM To: "Ferreira, Rafael" <r...@io.com>, Remo Mattei <r...@italy1.com>, Wyllys Ingersoll <wyllys.ingers...@evault.com>, "openstack@lists.openstack.org" <openstack@lists.openstack.org> Subject: Re: [Openstack] [Barbican] HTTPS Connection Question Hello, I’ve been digging and digging and I have not been able to locate the following information: 1. Does Barbican provide support for HTTPS connections to it? I noticed “protocol=http” in several .ini files and a .conf file, but no information on how to configure Barbican to use it. 2. The quickstart wiki shows how to install Barbican behind the uwsgi server. Is it possible to install Barbican behind Apache2? Is there any documentation or example configuration guides? Thanks, Mark
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
