2023-05-30 06:13:00 |
Samuel Allan |
bug |
|
|
added bug |
2023-05-30 06:16:41 |
Samuel Allan |
description |
For use with encryption, the `rgw trust forwarded https` option must be enabled.
> Requests for server-side encryption must be sent over a secure HTTPS connection to avoid sending secrets in plaintext. If a proxy is used for SSL termination, rgw trust forwarded https must be enabled before forwarded requests will be trusted as secure.
https://docs.ceph.com/en/latest/radosgw/encryption/
This option is not currently set by the charm. It should be set, so that SSE-C encryption can work out of the box.
---
Note: a current workaround is to run this:
```
juju config ceph-radosgw config-flags='{"global":{"rgw trust forwarded https": true}}'
``` |
For use with encryption, the `rgw trust forwarded https` option must be enabled.
> Requests for server-side encryption must be sent over a secure HTTPS connection to avoid sending secrets in plaintext. If a proxy is used for SSL termination, rgw trust forwarded https must be enabled before forwarded requests will be trusted as secure.
https://docs.ceph.com/en/latest/radosgw/encryption/
This option is not currently set by the charm. It should be set, so that SSE-C encryption can work out of the box.
It should be always set if the apache2 proxy with ssl is being used. Not sure the security implications of setting it if ssl is not enabled.
---
Note: a current workaround is to run this:
```
juju config ceph-radosgw config-flags='{"global":{"rgw trust forwarded https": true}}'
```
Which configures /etc/ceph/ceph.conf as required with
```
[global]
rgw trust forwarded https = True
``` |
|
2023-05-30 06:30:59 |
Nobuto Murata |
bug |
|
|
added subscriber Nobuto Murata |
2023-05-30 14:27:32 |
Nobuto Murata |
bug |
|
|
added subscriber Canonical Field High |
2023-05-31 04:48:05 |
OpenStack Infra |
charm-ceph-radosgw: status |
New |
In Progress |
|
2023-05-31 05:33:19 |
Samuel Allan |
charm-ceph-radosgw: assignee |
|
Samuel Walladge (swalladge) |
|
2023-06-01 09:32:08 |
OpenStack Infra |
charm-ceph-radosgw: status |
In Progress |
Fix Committed |
|
2023-09-14 11:55:34 |
Felipe Reyes |
nominated for series |
|
charm-ceph-radosgw/quincy.2 |
|
2023-09-14 11:55:34 |
Felipe Reyes |
bug task added |
|
charm-ceph-radosgw/quincy.2 |
|
2023-09-14 11:55:39 |
Felipe Reyes |
charm-ceph-radosgw/quincy.2: status |
New |
Fix Released |
|