Re: RadosGW over HTTPS

Hi Marco,

While I do not have a RadosGW implementation right now, I do have a successful setup with tengine and Swift - it should be pretty similar.

What version of tengine are you trying to use?
It dates back a while, but I remember having issues with the 2.0.x branch of tengine. We package our own version of 1.5.x.
In hindsight, the issues I got might've been because of the SPDY implementation, but I didn't put much thought into it at the time.

On my end, the config is in fact very simple and looks a bit like this:

server {
  listen ip:443;

  server_name swift.tld;

  access_log /var/log/nginx/swift_https_access.log;
  error_log /var/log/nginx/swift_https_error.log;

  ssl on;
  ssl_certificate /etc/nginx/ssl/swift.crt;
  ssl_certificate_key /etc/nginx/ssl/swift.key;

  chunkin on;

  error_page 502 503 504 = @errors;
  error_page 411 = @chunk_411_error;
  location @chunk_411_error {
      chunkin_resume;
  }

  proxy_cache swift;
  location / {
    proxy_pass http://swift;
    proxy_redirect off;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  }

  location @errors {
    proxy_pass http://127.0.0.1;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host 127.0.0.1;
  }
}

Regarding the HTTP thing, maybe you could set up a redirection and see what happens - a bit like this:

server {
  listen ip:80;

  server_name rgw.tld;

  access_log /var/log/nginx/rgw_http_access.log;
  error_log /var/log/nginx/rgw_http_error.log;

  error_page 502 503 504 = @errors;

  if ( $scheme = 'http' ) {
    rewrite ^ https://$server_name$request_uri? permanent;
  }

  location @errors {
    proxy_pass http://127.0.0.1;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host 127.0.0.1;
  }
}
--
David Moreau Simard

On Oct 8, 2014, at 7:53 AM, Marco Garcês <marco@xxxxxxxxx> wrote:

> Hi there,
> 
> I am using RadosGW over NGINX, with Swift API, and everything is
> working great over HTTP, but with HTTPS, I keep getting errors, and
> I'm guessing it is something on the gateway itself.
> 
> Does anyone have a working HTTPS gateway with nginx? Can you provide
> it, so I can compare to mine?
> 
> If I do an HTTP request, using Swift client from my machine, I get the
> response OK, but if I try it with HTTPS, I get:
> 
> Account HEAD failed: http://gateway.local/swift/v1 400 Bad Request
> 
> and on nginx side:
> 
> 2014/10/08 13:37:34 [info] 18198#0: *50 client sent plain HTTP request to HTTPS port while reading client request headers, client: 10.5.5.222, server: *.gateway.local, request: "HEAD /swift/v1 HTTP/1.1", host: "gateway.local:443"
> 2014/10/08 13:37:34 [info] 18197#0: *48 client 10.5.5.222 closed keepalive connection
> 
> I have wiresharked my connection, and there is no evidence that HTTP
> traffic is going out when I make the request via HTTPS, so that's why
> I believe that the issue is on the gateway end.
> 
> NGINX Config:
> server {
>        listen 80;
>        listen 443 ssl default;
> 
>        server_name *.gateway.bcitestes.local gateway.bcitestes.local;
>        error_log logs/error_https.log debug;
>        client_max_body_size 10g;
> 
>        # This is the important option that tengine has, but nginx does not
>        fastcgi_request_buffering off;
> 
>        ssl_certificate      /etc/pki/tls/certs/ca_rgw.crt;
>        ssl_certificate_key  /etc/pki/tls/private/ca_rgw.key;
> 
>        ssl_session_timeout  5m;
> 
>        ssl_protocols  SSLv2 SSLv3 TLSv1;
>        ssl_ciphers  HIGH:!aNULL:!MD5;
>        ssl_prefer_server_ciphers   on;
>        location / {
>                fastcgi_pass_header     Authorization;
>                fastcgi_pass_request_headers on;
>                fastcgi_param HTTPS on;
> 
>                if ($request_method  = PUT ) {
>                rewrite ^ /PUT$request_uri;
>                 }
>                 include fastcgi_params;
>                 fastcgi_param HTTPS on;
> 
>                 fastcgi_pass
> unix:/var/run/ceph/ceph.radosgw.gateway.fastcgi.sock;
>         }
> 
>         location /PUT/ {
>                 internal;
>                 fastcgi_pass_header     Authorization;
>                 fastcgi_pass_request_headers on;
> 
>                 include fastcgi_params;
>                 fastcgi_param  CONTENT_LENGTH   $content_length;
>                 fastcgi_param HTTPS on;
> 
>                 fastcgi_pass
> unix:/var/run/ceph/ceph.radosgw.gateway.fastcgi.sock;
>         }
> 
>        }
> 
> Ceph config:
> [client.radosgw.gw]
> host = GATEWAY
> keyring = /etc/ceph/keyring.radosgw.gw
> rgw socket path = /var/run/ceph/ceph.radosgw.gateway.fastcgi.sock
> log file = /var/log/ceph/client.radosgw.gateway.log
> rgw print continue = false
> rgw dns name = gateway.bcitestes.local
> rgw enable ops log = false
> rgw enable usage log = true
> rgw usage log tick interval = 30
> rgw usage log flush threshold = 1024
> rgw usage max shards = 32
> rgw usage max user shards = 1
> rgw cache lru size = 15000
> rgw thread pool size = 2048
> 
> ------------------
> 
> Thanks in advance,
> 
> Marco Garcês
> #sysadmin
> Maputo - Mozambique
> _______________________________________________
> ceph-users mailing list
> ceph-users@xxxxxxxxxxxxxx
> http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
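
Added example, not part of either message above: a small Python check over the directives of the quoted server block, flagging SSLv2/SSLv3 in ssl_protocols and a hard-coded fastcgi_param HTTPS on in a block that also has a plain-HTTP listener. The QUOTED and HARDENED strings and the function names are constructed for illustration; the hardened variant assumes a current nginx.

```python
import re

# Constructed sample: only the directives from the quoted config that matter here.
QUOTED = """
server {
    listen 80;
    listen 443 ssl default;
    ssl_protocols  SSLv2 SSLv3 TLSv1;
    location / { fastcgi_param HTTPS on; }
}
"""
# Assumed hardened variant (not from the thread): TLS-only listener, modern
# protocols, and HTTPS passed to the backend from nginx's $https variable.
HARDENED = """
server {
    listen 443 ssl;
    ssl_protocols TLSv1.2 TLSv1.3;
    location / { fastcgi_param HTTPS $https if_not_empty; }
}
"""
WEAK_PROTOCOLS = {"SSLv2", "SSLv3"}

def directives(conf):
    """Yield (name, args) per directive; comments are stripped naively."""
    conf = re.sub(r"#[^\n]*", "", conf)
    for stmt in re.split(r"[;{}]", conf):
        words = stmt.split()
        if words:
            yield words[0], words[1:]

def audit(conf):
    """Return sorted findings for a single server block."""
    plain_listen = tls_listen = ssl_on = https_forced = False
    findings = set()
    for name, args in directives(conf):
        if name == "listen":
            if "ssl" in args:
                tls_listen = True
            else:
                plain_listen = True
        elif name == "ssl" and args == ["on"]:
            ssl_on = True  # legacy form: every listener in the block speaks TLS
        elif name == "ssl_protocols":
            findings.update(f"ssl_protocols enables {p}" for p in WEAK_PROTOCOLS.intersection(args))
        elif name == "fastcgi_param" and args == ["HTTPS", "on"]:
            https_forced = True
    if plain_listen and tls_listen and not ssl_on and https_forced:
        findings.add("fastcgi_param HTTPS on is also sent for the plain-HTTP listener")
    return sorted(findings)

if __name__ == "__main__":
    for label, conf in (("quoted", QUOTED), ("hardened", HARDENED)):
        print(label, audit(conf))
```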
