On 9 February 2016 at 11:30, Sage Weil <sweil@xxxxxxxxxx> wrote: > What do you think? There are some valid use-cases for wanting apache (or > whatever) in front as it gives you access to a bunch of modules. On the > other hand, you can do the same with a proxy. I don't think it's valid to point people at the civetweb docs without some clear info about how it is embedded in radosgw and how (if it's even possible?) to change the embedded civetweb's config. At Monash we recently implemented radosgw under Red Hat Ceph (i.e., Hammer .3-ish). We were quite surprised (and to be honest, a bit disappointed) that there was apparently no documentation about architecture or configuration for standing up a production grade radosgw service with the current tech (civetweb) - understandable to see upstream/community docs lacking, but had hoped the Red Hat subscription might unlock some useful internal docs/configs to this effect. After some effort we now have a horizontally scalable radosgw behind haproxy (SSL termination there) + keepalived with basic DNS round-robin providing the initial request fan-out, and would be willing to contribute some rudimentary info to the docs around this. We're now trying to figure out how we can implement some basic security controls with this setup (e.g., block brute-force attempts)... -- Cheers, ~Blairo -- To unsubscribe from this list: send the line "unsubscribe ceph-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
