Try passing in 'Server-Port-Secure: 443' header to the auth request.

Yehuda

On Wed, Oct 8, 2014 at 7:41 AM, Marco Garcês <marco@xxxxxxxxx> wrote:
> Hi David,
>
> I am indeed using Tengine 2.0.3, but I feel very strange that the
> default config is returning X-Storage-Url in the headers, in http, not
> https as the original request.
> I will try your options, and perhaps downgrading to 1.5.*, and report back.
>
> Thank you!
>
> Marco Garcês
> #sysadmin
> Maputo - Mozambique
>
>
> On Wed, Oct 8, 2014 at 4:26 PM, David Moreau Simard <dmsimard@xxxxxxxx> wrote:
>> Hi Marco,
>>
>> While I do not have a RadosGW implementation right now, I do have a successful setup with tengine and Swift - it should be pretty similar.
>>
>> What version of tengine are you trying to use?
>> It dates back to a while.. but I remember having issues with the 2.0.x branch of tengine. We package our own version of 1.5.x.
>> In hindsight, the issues I got might've been because of the SPDY implementation but I didn't put much thought into it at the time.
>>
>> On my end, the config is in fact very simple and looks a bit like this:
>>
>> server {
>>     listen ip:443;
>>
>>     server_name swift.tld;
>>
>>     access_log /var/log/nginx/swift_https_access.log;
>>     error_log /var/log/nginx/swift_https_error.log;
>>
>>     ssl on;
>>     ssl_certificate /etc/nginx/ssl/swift.crt;
>>     ssl_certificate_key /etc/nginx/ssl/swift.key;
>>
>>     chunkin on;
>>
>>     error_page 502 503 504 = @errors;
>>     error_page 411 = @chunk_411_error;
>>     location @chunk_411_error {
>>         chunkin_resume;
>>     }
>>
>>     proxy_cache swift;
>>     location / {
>>         proxy_pass http://swift;
>>         proxy_redirect off;
>>         proxy_set_header Host $host;
>>         proxy_set_header X-Real-IP $remote_addr;
>>         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>>     }
>>
>>     location @errors {
>>         proxy_pass http://127.0.0.1;
>>         proxy_set_header X-Real-IP $remote_addr;
>>         proxy_set_header Host 127.0.0.1;
>>     }
>> }
>>
>> Regarding the HTTP thing, maybe you could set up a redirection and see what happens - a bit like this:
>> server {
>>     listen ip:80;
>>
>>     server_name rgw.tld;
>>
>>     access_log /var/log/nginx/rgw_http_access.log;
>>     error_log /var/log/nginx/rgw_http_error.log;
>>
>>     error_page 502 503 504 = @errors;
>>
>>     if ( $scheme = 'http' ) {
>>         rewrite ^ https://$server_name$request_uri? permanent;
>>     }
>>
>>     location @errors {
>>         proxy_pass http://127.0.0.1;
>>         proxy_set_header X-Real-IP $remote_addr;
>>         proxy_set_header Host 127.0.0.1;
>>     }
>> }
>> --
>> David Moreau Simard
>>
>> On Oct 8, 2014, at 7:53 AM, Marco Garcês <marco@xxxxxxxxx> wrote:
>>
>>> Hi there,
>>>
>>> I am using RadosGW over NGINX, with Swift API, and everything is
>>> working great, over HTTP, but with HTTPS, I keep getting errors, and
>>> I'm guessing it is something on the gateway itself.
>>>
>>> Does anyone have a working HTTPS gateway with nginx? Can you provide
>>> it, so I can compare to mine?
>>>
>>> If I do an HTTP request, using Swift client from my machine, I get the
>>> response ok, but if I try it with HTTPS, I get:
>>>
>>> Account HEAD failed: http://gateway.local/swift/v1 400 Bad Request
>>>
>>> and on nginx side:
>>>
>>> 2014/10/08 13:37:34 [info] 18198#0: *50 client sent plain HTTP request to HTTPS port while reading client request headers, client: 10.5.5.222, server: *.gateway.local, request: "HEAD /swift/v1 HTTP/1.1", host: "gateway.local:443"
>>> 2014/10/08 13:37:34 [info] 18197#0: *48 client 10.5.5.222 closed keepalive connection
>>>
>>> I have wiresharked my connection, and there is no evidence that HTTP
>>> traffic is going out, when I make the request via HTTPS, so that's why
>>> I believe that the issue is on the gateway end.
>>>
>>> NGINX Config:
>>> server {
>>>     listen 80;
>>>     listen 443 ssl default;
>>>
>>>     server_name *.gateway.bcitestes.local gateway.bcitestes.local;
>>>     error_log logs/error_https.log debug;
>>>     client_max_body_size 10g;
>>>
>>>     # This is the important option that tengine has, but nginx does not
>>>     fastcgi_request_buffering off;
>>>
>>>     ssl_certificate /etc/pki/tls/certs/ca_rgw.crt;
>>>     ssl_certificate_key /etc/pki/tls/private/ca_rgw.key;
>>>
>>>     ssl_session_timeout 5m;
>>>
>>>     ssl_protocols SSLv2 SSLv3 TLSv1;
>>>     ssl_ciphers HIGH:!aNULL:!MD5;
>>>     ssl_prefer_server_ciphers on;
>>>     location / {
>>>         fastcgi_pass_header Authorization;
>>>         fastcgi_pass_request_headers on;
>>>         fastcgi_param HTTPS on;
>>>
>>>         if ($request_method = PUT ) {
>>>             rewrite ^ /PUT$request_uri;
>>>         }
>>>         include fastcgi_params;
>>>         fastcgi_param HTTPS on;
>>>
>>>         fastcgi_pass unix:/var/run/ceph/ceph.radosgw.gateway.fastcgi.sock;
>>>     }
>>>
>>>     location /PUT/ {
>>>         internal;
>>>         fastcgi_pass_header Authorization;
>>>         fastcgi_pass_request_headers on;
>>>
>>>         include fastcgi_params;
>>>         fastcgi_param CONTENT_LENGTH $content_length;
>>>         fastcgi_param HTTPS on;
>>>
>>>         fastcgi_pass unix:/var/run/ceph/ceph.radosgw.gateway.fastcgi.sock;
>>>     }
>>>
>>> }
>>>
>>> Ceph config:
>>> [client.radosgw.gw]
>>> host = GATEWAY
>>> keyring = /etc/ceph/keyring.radosgw.gw
>>> rgw socket path = /var/run/ceph/ceph.radosgw.gateway.fastcgi.sock
>>> log file = /var/log/ceph/client.radosgw.gateway.log
>>> rgw print continue = false
>>> rgw dns name = gateway.bcitestes.local
>>> rgw enable ops log = false
>>> rgw enable usage log = true
>>> rgw usage log tick interval = 30
>>> rgw usage log flush threshold = 1024
>>> rgw usage max shards = 32
>>> rgw usage max user shards = 1
>>> rgw cache lru size = 15000
>>> rgw thread pool size = 2048
>>>
>>> ------------------
>>>
>>> Thanks in advance,
>>>
>>> Marco Garcês
>>> #sysadmin
>>> Maputo - Mozambique
>>> _______________________________________________
>>> ceph-users mailing list
>>> ceph-users@xxxxxxxxxxxxxx
>>> http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
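
A check for the symptom discussed in this thread, added here as an example and not taken from any of the posters: it flags a Swift auth response whose X-Storage-Url drops from https to http (so the client would send its token in cleartext) and pulls the matching "plain HTTP request to HTTPS port" entries out of an nginx error log. The function names, the `/auth/v1.0` auth path in the usage lines, and the sample header values are assumptions constructed for illustration; the log lines are modelled on the ones quoted above.

```python
import re
from urllib.parse import urlsplit

# nginx writes this at [info] level when cleartext HTTP arrives on a TLS listener.
PLAIN_ON_TLS = re.compile(
    r'client sent plain HTTP request to HTTPS port.*?'
    r'client: (?P<client>[^,]+),.*?host: "(?P<host>[^"]+)"'
)

def check_storage_url(auth_url, headers):
    """Return findings about the X-Storage-Url of a Swift auth response."""
    names = {k.lower(): v for k, v in headers.items()}
    storage = names.get("x-storage-url")
    if storage is None:
        return ["no X-Storage-Url header in auth response"]
    req, got = urlsplit(auth_url), urlsplit(storage)
    findings = []
    if req.scheme == "https" and got.scheme != "https":
        findings.append("scheme downgrade: token would travel over " + got.scheme)
    if got.scheme == "http" and got.port == 443:
        findings.append("plain HTTP aimed at TLS port 443")
    if got.hostname != req.hostname:
        findings.append("host changed: %s -> %s" % (req.hostname, got.hostname))
    return findings

def plain_http_hits(log_lines):
    """Return (client, host) for each cleartext request that hit the TLS port."""
    hits = []
    for line in log_lines:
        m = PLAIN_ON_TLS.search(line)
        if m:
            hits.append((m.group("client"), m.group("host")))
    return hits

# Constructed sample data (placeholder token, assumed storage URL).
SAMPLE_HEADERS = {"X-Storage-Url": "http://gateway.local:443/swift/v1",
                  "X-Auth-Token": "AUTH_tk_placeholder"}
SAMPLE_LOG = [
    '2014/10/08 13:37:34 [info] 18198#0: *50 client sent plain HTTP request '
    'to HTTPS port while reading client request headers, client: 10.5.5.222, '
    'server: *.gateway.local, request: "HEAD /swift/v1 HTTP/1.1", '
    'host: "gateway.local:443"',
    '2014/10/08 13:37:34 [info] 18197#0: *48 client 10.5.5.222 closed '
    'keepalive connection',
]

if __name__ == "__main__":
    for f in check_storage_url("https://gateway.local/auth/v1.0", SAMPLE_HEADERS):
        print("auth response:", f)
    for client, host in plain_http_hits(SAMPLE_LOG):
        print("nginx log: cleartext request from", client, "to", host)
```
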