© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
1b1ed1a
(Get the code!)
Ok, a fresh look on this revealed a few interesting aspects of the problem. This is not about SSL, and not about libs (as stated in the OP). It can be much simpler with haproxy (hacluster) just binding to the wildcard address and letting everything not explicitly ACL'd to go to the official public backend (which will enter radosgw through the only SSL configured public network therefore not requiring changes to the SSL part).
The problem today is that although the haproxy config _is_ binding to *:443, the default backend is the internal endpoint and not the public one. Is there a reason for this? From a security standpoint it seems even worse. But there may be a not obvious reason for having it there.
If there is not, then changing haproxy default backend would be the easiest solutions for this.