Hi David,

I am indeed using Tengine 2.0.3, but I feel very strange that the default config is returning X-Storage-Url in the headers, in http, not https as the original request.
I will try your options, and perhaps downgrading to 1.5.*, and report back.

Thank you!

Marco Garcês
#sysadmin
Maputo - Mozambique

On Wed, Oct 8, 2014 at 4:26 PM, David Moreau Simard <dmsimard@xxxxxxxx> wrote:
> Hi Marco,
>
> While I do not have a RadosGW implementation right now, I do have a successful setup with tengine and Swift - it should be pretty similar.
>
> What version of tengine are you trying to use?
> It dates back to a while.. but I remember having issues with the 2.0.x branch of tengine. We package our own version of 1.5.x.
> In hindsight, the issues I got might've been because of the SPDY implementation but I didn't put much thought into it at the time.
>
> On my end, the config is in fact very simple and looks a bit like this:
>
> server {
>     listen ip:443;
>
>     server_name swift.tld;
>
>     access_log /var/log/nginx/swift_https_access.log;
>     error_log /var/log/nginx/swift_https_error.log;
>
>     ssl on;
>     ssl_certificate /etc/nginx/ssl/swift.crt;
>     ssl_certificate_key /etc/nginx/ssl/swift.key;
>
>     chunkin on;
>
>     error_page 502 503 504 = @errors;
>     error_page 411 = @chunk_411_error;
>     location @chunk_411_error {
>         chunkin_resume;
>     }
>
>     proxy_cache swift;
>     location / {
>         proxy_pass http://swift;
>         proxy_redirect off;
>         proxy_set_header Host $host;
>         proxy_set_header X-Real-IP $remote_addr;
>         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>     }
>
>     location @errors {
>         proxy_pass http://127.0.0.1;
>         proxy_set_header X-Real-IP $remote_addr;
>         proxy_set_header Host 127.0.0.1;
>     }
> }
>
> Regarding the HTTP thing, maybe you could set up a redirection and see what happens - a bit like this:
> server {
>     listen ip:80;
>
>     server_name rgw.tld;
>
>     access_log /var/log/nginx/rgw_http_access.log;
>     error_log /var/log/nginx/rgw_http_error.log;
>
>     error_page 502 503 504 = @errors;
>
>     if ( $scheme = 'http' ) {
>         rewrite ^ https://$server_name$request_uri? permanent;
>     }
>
>     location @errors {
>         proxy_pass http://127.0.0.1;
>         proxy_set_header X-Real-IP $remote_addr;
>         proxy_set_header Host 127.0.0.1;
>     }
> }
> --
> David Moreau Simard
>
> On Oct 8, 2014, at 7:53 AM, Marco Garcês <marco@xxxxxxxxx> wrote:
>
>> Hi there,
>>
>> I am using RadosGW over NGINX, with Swift API, and everything is
>> working great, over HTTP, but with HTTPS, I keep getting errors, and
>> I'm guessing it is something on the gateway itself.
>>
>> Does anyone have a working HTTPS gateway with nginx? Can you provide
>> it, so I can compare to mine?
>>
>> If I do an HTTP request, using Swift client from my machine, I get the
>> response ok, but if I try it with HTTPS, I get:
>>
>> Account HEAD failed: http://gateway.local/swift/v1 400 Bad Request
>>
>> and on nginx side:
>>
>> 2014/10/08 13:37:34 [info] 18198#0: *50 client sent plain HTTP request to HTTPS port while reading client request headers, client: 10.5.5.222, server: *.gateway.local, request: "HEAD /swift/v1 HTTP/1.1", host: "gateway.local:443"
>> 2014/10/08 13:37:34 [info] 18197#0: *48 client 10.5.5.222 closed keepalive connection
>>
>> I have wiresharked my connection, and there is no evidence that HTTP
>> traffic is going out, when I make the request via HTTPS, so that's why
>> I believe that the issue is on the gateway end.
>>
>> NGINX Config:
>> server {
>>     listen 80;
>>     listen 443 ssl default;
>>
>>     server_name *.gateway.bcitestes.local gateway.bcitestes.local;
>>     error_log logs/error_https.log debug;
>>     client_max_body_size 10g;
>>
>>     # This is the important option that tengine has, but nginx does not
>>     fastcgi_request_buffering off;
>>
>>     ssl_certificate /etc/pki/tls/certs/ca_rgw.crt;
>>     ssl_certificate_key /etc/pki/tls/private/ca_rgw.key;
>>
>>     ssl_session_timeout 5m;
>>
>>     ssl_protocols SSLv2 SSLv3 TLSv1;
>>     ssl_ciphers HIGH:!aNULL:!MD5;
>>     ssl_prefer_server_ciphers on;
>>     location / {
>>         fastcgi_pass_header Authorization;
>>         fastcgi_pass_request_headers on;
>>         fastcgi_param HTTPS on;
>>
>>         if ($request_method = PUT ) {
>>             rewrite ^ /PUT$request_uri;
>>         }
>>         include fastcgi_params;
>>         fastcgi_param HTTPS on;
>>
>>         fastcgi_pass unix:/var/run/ceph/ceph.radosgw.gateway.fastcgi.sock;
>>     }
>>
>>     location /PUT/ {
>>         internal;
>>         fastcgi_pass_header Authorization;
>>         fastcgi_pass_request_headers on;
>>
>>         include fastcgi_params;
>>         fastcgi_param CONTENT_LENGTH $content_length;
>>         fastcgi_param HTTPS on;
>>
>>         fastcgi_pass unix:/var/run/ceph/ceph.radosgw.gateway.fastcgi.sock;
>>     }
>>
>> }
>>
>> Ceph config:
>> [client.radosgw.gw]
>> host = GATEWAY
>> keyring = /etc/ceph/keyring.radosgw.gw
>> rgw socket path = /var/run/ceph/ceph.radosgw.gateway.fastcgi.sock
>> log file = /var/log/ceph/client.radosgw.gateway.log
>> rgw print continue = false
>> rgw dns name = gateway.bcitestes.local
>> rgw enable ops log = false
>> rgw enable usage log = true
>> rgw usage log tick interval = 30
>> rgw usage log flush threshold = 1024
>> rgw usage max shards = 32
>> rgw usage max user shards = 1
>> rgw cache lru size = 15000
>> rgw thread pool size = 2048
>>
>> ------------------
>>
>> Thanks in advance,
>>
>> Marco Garcês
>> #sysadmin
>> Maputo - Mozambique
>> _______________________________________________
>> ceph-users mailing list
>> ceph-users@xxxxxxxxxxxxxx
>> http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
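
The symptom reported at the top of this thread (an HTTPS auth request answered with an http:// X-Storage-Url, which would also make the client send its token in cleartext) and the quoted nginx log line can both be checked mechanically. The following is an added example, not code from the thread or from Ceph; the function names, the auth URL and the header values are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# nginx [info] message logged when cleartext HTTP arrives on a TLS listener.
PLAIN_ON_TLS = re.compile(
    r'client sent plain HTTP request to HTTPS port.*?'
    r'client: (?P<client>[^,]+), server: (?P<server>[^,]+), '
    r'request: "(?P<request>[^"]+)", host: "(?P<host>[^"]+)"'
)
DEFAULT_PORT = {"http": 80, "https": 443}

def storage_url_findings(auth_url, headers):
    """Compare the auth request URL with the X-Storage-Url it returned."""
    hdrs = {k.lower(): v for k, v in headers.items()}
    storage = hdrs.get("x-storage-url")
    if storage is None:
        return ["missing-storage-url"]
    auth, stor = urlsplit(auth_url), urlsplit(storage)
    findings = []
    if auth.scheme == "https" and stor.scheme != "https":
        # The client would replay X-Auth-Token over cleartext from here on.
        findings.append("scheme-downgrade")
    port = stor.port or DEFAULT_PORT.get(stor.scheme)
    if stor.scheme == "http" and port == 443:
        # Cleartext URL aimed at the TLS listener: nginx rejects it with 400.
        findings.append("cleartext-to-tls-port")
    return findings

def plain_http_on_tls(log_lines):
    """Return (client, host, request) for each cleartext hit on a TLS port."""
    hits = []
    for line in log_lines:
        m = PLAIN_ON_TLS.search(line)
        if m:
            hits.append((m["client"], m["host"], m["request"]))
    return hits

# The two nginx log lines quoted in the thread, with mail line-wrapping undone.
SAMPLE_LOG = [
    '2014/10/08 13:37:34 [info] 18198#0: *50 client sent plain HTTP request to HTTPS port while reading client request headers, client: 10.5.5.222, server: *.gateway.local, request: "HEAD /swift/v1 HTTP/1.1", host: "gateway.local:443"',
    '2014/10/08 13:37:34 [info] 18197#0: *48 client 10.5.5.222 closed keepalive connection',
]
# Constructed auth exchange (assumed values, not taken from the thread).
AUTH_URL = "https://gateway.local/auth/1.0"
AUTH_HEADERS = {"X-Storage-Url": "http://gateway.local:443/swift/v1",
                "X-Auth-Token": "AUTH_constructed-token"}

if __name__ == "__main__":
    print(storage_url_findings(AUTH_URL, AUTH_HEADERS))
    print(plain_http_on_tls(SAMPLE_LOG))
```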