Re: RadosGW over HTTPS

Try passing in 'Server-Port-Secure: 443' header to the auth request.

Yehuda

On Wed, Oct 8, 2014 at 7:41 AM, Marco Garcês <marco@xxxxxxxxx> wrote:
> Hi David,
>
> I am indeed using Tengine 2.0.3, but I find it very strange that the
> default config is returning X-Storage-Url in the headers, in http, not
> https like the original request.
> I will try your options, and perhaps downgrading to 1.5.*, and report back.
>
> Thank you!
>
> Marco Garcês
> #sysadmin
> Maputo - Mozambique
>
>
> On Wed, Oct 8, 2014 at 4:26 PM, David Moreau Simard <dmsimard@xxxxxxxx> wrote:
>> Hi Marco,
>>
>> While I do not have a RadosGW implementation right now, I do have a successful setup with tengine and Swift - it should be pretty similar.
>>
>> What version of tengine are you trying to use?
>> It dates back to a while.. but I remember having issues with the 2.0.x branch of tengine. We package our own version of 1.5.x.
>> In hindsight, the issues I got might've been because of the SPDY implementation but I didn't put much thought into it at the time.
>>
>> On my end, the config is in fact very simple and looks a bit like this:
>>
>> server {
>>   listen ip:443;
>>
>>   server_name swift.tld;
>>
>>   access_log /var/log/nginx/swift_https_access.log;
>>   error_log /var/log/nginx/swift_https_error.log;
>>
>>   ssl on;
>>   ssl_certificate /etc/nginx/ssl/swift.crt;
>>   ssl_certificate_key /etc/nginx/ssl/swift.key;
>>
>>   chunkin on;
>>
>>   error_page 502 503 504 = @errors;
>>   error_page 411 = @chunk_411_error;
>>   location @chunk_411_error {
>>       chunkin_resume;
>>   }
>>
>>   proxy_cache swift;
>>   location / {
>>     proxy_pass http://swift;
>>     proxy_redirect off;
>>     proxy_set_header Host $host;
>>     proxy_set_header X-Real-IP $remote_addr;
>>     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>>   }
>>
>>   location @errors {
>>     proxy_pass http://127.0.0.1;
>>     proxy_set_header X-Real-IP $remote_addr;
>>     proxy_set_header Host 127.0.0.1;
>>   }
>> }
>>
>> Regarding the HTTP thing, maybe you could set up a redirection and see what happens - a bit like this:
>> server {
>>   listen ip:80;
>>
>>   server_name rgw.tld;
>>
>>   access_log /var/log/nginx/rgw_http_access.log;
>>   error_log /var/log/nginx/rgw_http_error.log;
>>
>>   error_page 502 503 504 = @errors;
>>
>>   if ( $scheme = 'http' ) {
>>     rewrite ^ https://$server_name$request_uri? permanent;
>>   }
>>
>>   location @errors {
>>     proxy_pass http://127.0.0.1;
>>     proxy_set_header X-Real-IP $remote_addr;
>>     proxy_set_header Host 127.0.0.1;
>>   }
>> }
>> --
>> David Moreau Simard
>>
>> On Oct 8, 2014, at 7:53 AM, Marco Garcês <marco@xxxxxxxxx> wrote:
>>
>>> Hi there,
>>>
>>> I am using RadosGW over NGINX, with Swift API, and everything is
>>> working great, over HTTP, but with HTTPS, I keep getting errors, and
>>> I'm guessing it is something on the gateway itself.
>>>
>>> Does anyone have a working HTTPS gateway with nginx? Can you provide
>>> it, so I can compare to mine?
>>>
>>> If I do an HTTP request, using Swift client from my machine, I get the
>>> response ok, but if I try it with HTTPS, I get:
>>>
>>> Account HEAD failed: http://gateway.local/swift/v1 400 Bad Request
>>>
>>> and on nginx side:
>>>
>>> 2014/10/08 13:37:34 [info] 18198#0: *50 client sent plain HTTP request to HTTPS port while reading client request headers, client: 10.5.5.222, server: *.gateway.local, request: "HEAD /swift/v1 HTTP/1.1", host: "gateway.local:443"
>>> 2014/10/08 13:37:34 [info] 18197#0: *48 client 10.5.5.222 closed keepalive connection
>>>
>>> I have wiresharked my connection, and there is no evidence that HTTP
>>> traffic is going out, when I make the request via HTTPS, so that's why
>>> I believe that the issue is on the gateway end.
>>>
>>> NGINX Config:
>>> server {
>>>        listen 80;
>>>        listen 443 ssl default;
>>>
>>>        server_name *.gateway.bcitestes.local gateway.bcitestes.local;
>>>        error_log logs/error_https.log debug;
>>>        client_max_body_size 10g;
>>>
>>>        # This is the important option that tengine has, but nginx does not
>>>        fastcgi_request_buffering off;
>>>
>>>        ssl_certificate      /etc/pki/tls/certs/ca_rgw.crt;
>>>        ssl_certificate_key  /etc/pki/tls/private/ca_rgw.key;
>>>
>>>        ssl_session_timeout  5m;
>>>
>>>        ssl_protocols  SSLv2 SSLv3 TLSv1;
>>>        ssl_ciphers  HIGH:!aNULL:!MD5;
>>>        ssl_prefer_server_ciphers   on;
>>>        location / {
>>>                fastcgi_pass_header     Authorization;
>>>                fastcgi_pass_request_headers on;
>>>                fastcgi_param HTTPS on;
>>>
>>>                if ($request_method  = PUT ) {
>>>                rewrite ^ /PUT$request_uri;
>>>                 }
>>>                 include fastcgi_params;
>>>                 fastcgi_param HTTPS on;
>>>
>>>                 fastcgi_pass unix:/var/run/ceph/ceph.radosgw.gateway.fastcgi.sock;
>>>         }
>>>
>>>         location /PUT/ {
>>>                 internal;
>>>                 fastcgi_pass_header     Authorization;
>>>                 fastcgi_pass_request_headers on;
>>>
>>>                 include fastcgi_params;
>>>                 fastcgi_param  CONTENT_LENGTH   $content_length;
>>>                 fastcgi_param HTTPS on;
>>>
>>>                 fastcgi_pass unix:/var/run/ceph/ceph.radosgw.gateway.fastcgi.sock;
>>>         }
>>>
>>>        }
>>>
>>> Ceph config:
>>> [client.radosgw.gw]
>>> host = GATEWAY
>>> keyring = /etc/ceph/keyring.radosgw.gw
>>> rgw socket path = /var/run/ceph/ceph.radosgw.gateway.fastcgi.sock
>>> log file = /var/log/ceph/client.radosgw.gateway.log
>>> rgw print continue = false
>>> rgw dns name = gateway.bcitestes.local
>>> rgw enable ops log = false
>>> rgw enable usage log = true
>>> rgw usage log tick interval = 30
>>> rgw usage log flush threshold = 1024
>>> rgw usage max shards = 32
>>> rgw usage max user shards = 1
>>> rgw cache lru size = 15000
>>> rgw thread pool size = 2048
>>>
>>> ------------------
>>>
>>> Thanks in advance,
>>>
>>> Marco Garcês
>>> #sysadmin
>>> Maputo - Mozambique
>>> _______________________________________________
>>> ceph-users mailing list
>>> ceph-users@xxxxxxxxxxxxxx
>>> http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
>>
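
An added example, not part of the original thread: a small check for the symptom discussed above, where a Swift auth request made over HTTPS gets back an X-Storage-Url with an http scheme, so the client's follow-up request (carrying the auth token) goes out as plain HTTP. The auth path, token and header values below are constructed sample data, and check_storage_url is a hypothetical helper name.

```python
from urllib.parse import urlsplit

# Constructed sample (not captured from the thread): the auth request went to
# https, but the gateway answered with an http X-Storage-Url on port 443.
SAMPLE_AUTH_URL = "https://gateway.local/auth/v1.0"   # assumed auth path
SAMPLE_HEADERS = {
    "X-Storage-Url": "http://gateway.local:443/swift/v1",
    "X-Auth-Token": "AUTH_constructed_token",
}

DEFAULT_PORTS = {"http": 80, "https": 443}


def check_storage_url(auth_url, headers):
    """Return a list of findings about the X-Storage-Url in an auth response."""
    # HTTP header names are case-insensitive, so normalise before lookup.
    lowered = {k.lower(): v for k, v in headers.items()}
    storage = lowered.get("x-storage-url")
    if not storage:
        return ["missing X-Storage-Url"]

    req, got = urlsplit(auth_url), urlsplit(storage)
    findings = []

    # The client will send X-Auth-Token to whatever URL the gateway returned.
    if req.scheme == "https" and got.scheme != "https":
        findings.append("scheme downgrade: token would be sent without TLS")

    try:
        port = got.port or DEFAULT_PORTS.get(got.scheme)
    except ValueError:
        findings.append("unparseable port in X-Storage-Url")
        port = None

    # This is the case behind nginx's "plain HTTP request to HTTPS port" log.
    if got.scheme == "http" and port == 443:
        findings.append("plain HTTP aimed at port 443: expect 400 from the proxy")

    if (got.hostname or "").lower() != (req.hostname or "").lower():
        findings.append("host differs from auth endpoint")
    return findings


if __name__ == "__main__":
    for finding in check_storage_url(SAMPLE_AUTH_URL, SAMPLE_HEADERS):
        print(finding)
```

Run against a real auth response, an empty result means the gateway is advertising a storage URL that matches the scheme and host the client used.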




