Chapter 9. Object Storage in OpenStack Security Guide - current - apache recommendation

Bug #1378567 reported by John Dickinson
This bug affects 1 person
Affects: openstack-manuals
Status: Fix Released
Importance: High
Assigned to: Darren Chan

Bug Description

In the "Use SSL/TLS" section, it states

"The current work around is to not use the built-in web server but an alternative web server instead that supports sending both the public server certificate as well as the CA signing authorities intermediate certificate(s)"

Instead of recommending a different web server, the current best-practice is to use an SSL-terminator like stud, haproxy, etc. Running Swift behind Apache isn't a deployment pattern that is well-tested at scale.

-----------------------------------
Built: 2014-10-07T20:57:52+00:00
git SHA: a73b82c01ee67985428abc4f59ab0932b5ea9c96
URL: http://docs.openstack.org/security-guide/content/object-storage.html
source File: file:/home/jenkins/workspace/security-doc-tox-doc-publishdocs/security-guide/ch_object-storage.xml
xml:id: object-storage

Tags: swift
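
An added example, not part of the bug report or the OpenStack guide: it builds a constructed root, intermediate and server certificate with openssl and shows that a client trusting only the root cannot verify the server certificate unless the intermediate is sent as well, which is the job the report gives to an SSL terminator. All subjects, file names and the bundle layout (one PEM file of the kind haproxy's `crt` option loads) are assumptions.

```shell
#!/bin/sh
# Added example. Every name, subject and file below is constructed for the demo.

build_demo_pki() {   # $1 = empty working directory
    d=$1
    # Minimal config so the run does not depend on the system openssl.cnf.
    printf '[req]\ndistinguished_name=dn\n[dn]\nCN=demo\n[ca]\nbasicConstraints=critical,CA:TRUE\n' > "$d/cfg"
    # Self-signed root CA: the only certificate the client trusts.
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -config "$d/cfg" -extensions ca \
        -subj "/CN=Demo Root CA" -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null || return 1
    # Intermediate CA, signed by the root.
    openssl req -new -newkey rsa:2048 -nodes -config "$d/cfg" -subj "/CN=Demo Intermediate CA" \
        -keyout "$d/int.key" -out "$d/int.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" -CAcreateserial \
        -days 2 -extfile "$d/cfg" -extensions ca -out "$d/int.pem" 2>/dev/null || return 1
    # Server certificate, signed by the intermediate (hypothetical host name).
    openssl req -new -newkey rsa:2048 -nodes -config "$d/cfg" -subj "/CN=swift.example.test" \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.pem" -CAkey "$d/int.key" -CAcreateserial \
        -days 2 -out "$d/leaf.pem" 2>/dev/null || return 1
}

# Client view when the server sends only its own certificate.
verify_leaf_only() {
    openssl verify -CAfile "$1/root.pem" "$1/leaf.pem" >/dev/null 2>&1
}

# Client view when the terminator also sends the intermediate certificate.
verify_with_chain() {
    openssl verify -CAfile "$1/root.pem" -untrusted "$1/int.pem" "$1/leaf.pem" >/dev/null 2>&1
}

# One PEM file for the terminator: server certificate, intermediate, private key.
# The root is left out because clients already hold it.
make_bundle() {
    cat "$1/leaf.pem" "$1/int.pem" "$1/leaf.key" > "$1/bundle.pem"
}

# Number of certificates the terminator would present from the bundle.
count_bundle_certs() {
    grep -c 'BEGIN CERTIFICATE' "$1/bundle.pem"
}

demo_dir=$(mktemp -d)
build_demo_pki "$demo_dir" && make_bundle "$demo_dir"
verify_leaf_only "$demo_dir" && echo "leaf only: verifies" || echo "leaf only: chain incomplete"
verify_with_chain "$demo_dir" && echo "leaf + intermediate: verifies" || echo "leaf + intermediate: fails"
echo "certificates in bundle: $(count_bundle_certs "$demo_dir")"
```
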
Tom Fifield (fifieldt)
Changed in openstack-manuals:
milestone: none → juno
status: New → Confirmed
importance: Undecided → High
status: Confirmed → Triaged
tags: added: swift
Darren Chan (dazzachan)
Changed in openstack-manuals:
assignee: nobody → Darren Chan (dazzachan)
OpenStack Infra (hudson-openstack) wrote : Fix proposed to security-doc (master)

Fix proposed to branch: master
Review: https://review.openstack.org/127419

Changed in openstack-manuals:
status: Triaged → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix merged to security-doc (master)

Reviewed: https://review.openstack.org/127419
Committed: https://git.openstack.org/cgit/openstack/security-doc/commit/?id=5bc721f57c8ec58a3ff3a1d1a04437931ee82bac
Submitter: Jenkins
Branch: master

commit 5bc721f57c8ec58a3ff3a1d1a04437931ee82bac
Author: darrenchan <email address hidden>
Date: Fri Oct 10 16:30:59 2014 +1100

    Update SSL/TTL section in the security guide

    Added SSL termination proxy as the recommended work around to support transmission of the entire SSL certificate chain.

    Change-Id: I2ffef68c7a5fc7c65ae58128ef1a0ab61c061851
    backport: none
    Closes-Bug: #1378567

Changed in openstack-manuals:
status: In Progress → Fix Released