I made some tests: curl -D - -H "X-Auth-Key: QoakiyY0tg8jULacsJLsmAbyZHJbY5g/Rc/dOHK3" -H "X-Auth-User: frontend:swf0002" https://gateway.local/auth HTTP/1.1 204 Server: Tengine/2.0.3 Date: Wed, 08 Oct 2014 14:04:18 GMT Content-Type: application/json Connection: keep-alive X-Storage-Url: http://gateway.local:443/swift/v1 X-Storage-Token: AUTH_rgwtk1000000066726f6e74656e643a73776630303032e697e4fb9734a3a2e2953654283e3a005ab9b8a2b1eb5025d053078d76b46f4957690240 X-Auth-Token: AUTH_rgwtk1000000066726f6e74656e643a73776630303032e697e4fb9734a3a2e2953654283e3a005ab9b8a2b1eb5025d053078d76b46f4957690240 What upsets me, is I'm getting response header X-Storage-Url all wrong, it should be https! Any clues are welcomed. Thanks! Marco Garcês #sysadmin Maputo - Mozambique [Phone] +258 84 4105579 [Skype] marcogarces On Wed, Oct 8, 2014 at 1:53 PM, Marco Garcês <marco@xxxxxxxxx> wrote: > Hi there, > > I am using RadosGW over NGINX, with Swift API, and everything is > working great, over HTTP, but with HTTPS, I keep getting errors, and > I'm guessing is something on the gateway itself. > > Does anyone have a working HTTPS gateway with nginx? Can you provide > it, so I can compare to mine? > > If I do a HTTP request, using Swift client from my machine, I get the > response ok, but If I try it with HTTPS, I get: > > Account HEAD failed: http://gateway.local/swift/v1 400 Bad Request > > and on nginx side: > > 2014/10/08 13:37:34 [info] 18198#0: *50 client sent plain HTTP request > to HTTPS port while reading client request headers, client: > 10.5.5.222, server: *.gatew > ay.local, request: "HEAD /swift/v1 HTTP/1.1", host: "gateway.local:443" > 2014/10/08 13:37:34 [info] 18197#0: *48 client 10.5.5.222 closed > keepalive connection > > I have wiresharked my connection, and there is no evidence that HTTP > traffic is going out, when I make the request via HTTPS, so thats why > I believe that the issue is on the gateway end. > > NGINX Config: > server { > listen 80; > listen 443 ssl default; > > server_name *.gateway.bcitestes.local gateway.bcitestes.local; > error_log logs/error_https.log debug; > client_max_body_size 10g; > > # This is the important option that tengine has, but nginx does not > fastcgi_request_buffering off; > > ssl_certificate /etc/pki/tls/certs/ca_rgw.crt; > ssl_certificate_key /etc/pki/tls/private/ca_rgw.key; > > ssl_session_timeout 5m; > > ssl_protocols SSLv2 SSLv3 TLSv1; > ssl_ciphers HIGH:!aNULL:!MD5; > ssl_prefer_server_ciphers on; > location / { > fastcgi_pass_header Authorization; > fastcgi_pass_request_headers on; > fastcgi_param HTTPS on; > > if ($request_method = PUT ) { > rewrite ^ /PUT$request_uri; > } > include fastcgi_params; > fastcgi_param HTTPS on; > > fastcgi_pass > unix:/var/run/ceph/ceph.radosgw.gateway.fastcgi.sock; > } > > location /PUT/ { > internal; > fastcgi_pass_header Authorization; > fastcgi_pass_request_headers on; > > include fastcgi_params; > fastcgi_param CONTENT_LENGTH $content_length; > fastcgi_param HTTPS on; > > fastcgi_pass > unix:/var/run/ceph/ceph.radosgw.gateway.fastcgi.sock; > } > > } > > Ceph config: > [client.radosgw.gw] > host = GATEWAY > keyring = /etc/ceph/keyring.radosgw.gw > rgw socket path = /var/run/ceph/ceph.radosgw.gateway.fastcgi.sock > log file = /var/log/ceph/client.radosgw.gateway.log > rgw print continue = false > rgw dns name = gateway.bcitestes.local > rgw enable ops log = false > rgw enable usage log = true > rgw usage log tick interval = 30 > rgw usage log flush threshold = 1024 > rgw usage max shards = 32 > rgw usage max user shards = 1 > rgw cache lru size = 15000 > rgw thread pool size = 2048 > > ------------------ > > Thanks in advance, > > Marco Garcês > #sysadmin > Maputo - Mozambique _______________________________________________ ceph-users mailing list ceph-users@xxxxxxxxxxxxxx http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
 |