18.4.4. Configuring Proxy Server for HTTPS

By default, the proxy server only handles HTTP requests. To configure the proxy server to process HTTPS requests, perform the following steps:
  1. Create a self-signed certificate for SSL using the following commands:
    cd /etc/swift
    openssl req -new -x509 -nodes -out cert.crt -keyout cert.key
  2. Add the following lines to /etc/swift/proxy-server.conf under [DEFAULT]:
    bind_port = 443
    cert_file = /etc/swift/cert.crt
    key_file = /etc/swift/cert.key
  3. Restart the servers using the following commands:
    swift-init main stop
    swift-init main start
The following are the configurable options:

Table 18.1. Proxy Server - Configurable Default Options

Option     | Default     | Description
-----------|-------------|----------------------------------
bind_ip    | 127.0.0.1   | IP address for the server to bind to.
bind_port  | 8080        | Port for the server to bind to.
swift_dir  | /etc/swift  | Swift configuration directory.
workers    | 1           | Number of workers to fork.
user       | swift       | Swift user.
cert_file  |             | Path to the ssl.crt file.
key_file   |             | Path to the ssl.key file.

Note

You must change the bind_ip default value to the external IP address of the machine so that the server binds to it. Otherwise the native swift client (/usr/bin/swift) cannot be used from a remote client, because the X-Storage-Url it receives is built from the wrong address.

Table 18.2. Proxy Server - Configurable Server Options

Option                      | Default              | Description
----------------------------|----------------------|----------------------------------
use                         | egg:swift#container  | Entry point for paste.deploy for the container server.
log_name                    | proxy-server         | Label used when logging.
log_facility                | LOG_LOCAL0           | Syslog log facility.
log_level                   | INFO                 | Log level.
log_headers                 | True                 | If True, log the headers of each request.
recheck_account_existence   | 60                   | Cache timeout in seconds sent to memcached for account existence.
recheck_container_existence | 60                   | Cache timeout in seconds sent to memcached for container existence.
object_chunk_size           | 65536                | Chunk size to read from object servers.
client_chunk_size           | 65536                | Chunk size to read from clients.
memcache_servers            | 127.0.0.1:11211      | Comma-separated list of memcached servers (ip:port).
node_timeout                | 10                   | Request timeout to external services.
client_timeout              | 60                   | Timeout to read one chunk from a client.
conn_timeout                | 0.5                  | Connection timeout to external services.
error_suppression_interval  | 60                   | Time in seconds that must elapse since the last error for a node to be considered no longer error limited.
error_suppression_limit     | 10                   | Error count at which a node is considered error limited.
allow_account_management    | false                | Whether account PUTs and DELETEs are callable at all.

Enabling Distributed Caching with Memcached

When Object Storage is deployed on two or more machines, not all nodes in your trusted storage pool are used by default. Installing a load balancer lets you use all the nodes in your trusted storage pool by distributing the proxy server requests equally across all storage nodes.
You must configure the proxy servers on all the nodes to use a distributed memcached so that the authentication token is shared across all the storage nodes. Edit the memcache_servers option in proxy-server.conf and list all memcached servers.
The following is an example listing the memcached servers in the proxy-server.conf file:
    [filter:cache]
    use = egg:swift#memcache
    memcache_servers = 192.168.1.20:11211,192.168.1.21:11211,192.168.1.22:11211
The port on which the memcached server listens is 11211. You must use the same server list, in the same sequence, in the configuration file on every node.
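The following is an added example, not code from the Red Hat Storage or OpenStack Swift documentation. It reads proxy-server.conf text with Python's configparser and checks the three points this section makes: that [DEFAULT] carries the HTTPS settings from step 2 (bind_port = 443 with cert_file and key_file), that bind_ip has not been left at the 127.0.0.1 default described in the Note, and that every node lists the same memcache_servers in the same sequence. The node configurations and the HTTP-only configuration are constructed samples; the function names are this example's own.

```python
"""Validate proxy-server.conf settings for HTTPS, bind_ip and memcache_servers.

Added example; not part of the Swift documentation. The configurations below
are constructed samples for the check, not copies of any real deployment.
"""
import configparser
from typing import Dict, List


def parse_conf(text: str) -> configparser.ConfigParser:
    # paste.deploy configs are INI-style. Interpolation is disabled so that
    # values are taken literally (no % substitution); strict=False tolerates
    # repeated keys, which hand-edited configs sometimes contain.
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    return cp


def https_problems(text: str) -> List[str]:
    """Findings for the [DEFAULT] section; an empty list means HTTPS is configured."""
    defaults = parse_conf(text).defaults()  # the [DEFAULT] section, keys lower-cased
    problems = []
    if defaults.get("bind_port") != "443":
        problems.append("bind_port is %r, expected 443 for HTTPS" % defaults.get("bind_port"))
    for key in ("cert_file", "key_file"):
        if not defaults.get(key):
            problems.append("%s is not set; the proxy would serve plain HTTP" % key)
    # Table 18.1 gives 127.0.0.1 as the bind_ip default, so a missing key counts too.
    if defaults.get("bind_ip", "127.0.0.1") == "127.0.0.1":
        problems.append("bind_ip is 127.0.0.1; remote clients would receive a wrong X-Storage-Url")
    return problems


def memcache_servers(text: str) -> List[str]:
    """memcache_servers from [filter:cache] in the order written (Table 18.2 default if absent)."""
    cp = parse_conf(text)
    raw = cp.get("filter:cache", "memcache_servers", fallback="127.0.0.1:11211")
    servers = [entry.strip() for entry in raw.split(",") if entry.strip()]
    for entry in servers:
        host, sep, port = entry.rpartition(":")
        if not (sep and host and port.isdigit()):
            raise ValueError("memcache_servers entry %r is not ip:port" % entry)
    return servers


def memcache_mismatches(node_confs: Dict[str, str]) -> Dict[str, List[str]]:
    """Nodes whose memcache_servers list differs, in content or order, from the first node's."""
    lists = {node: memcache_servers(text) for node, text in node_confs.items()}
    reference = next(iter(lists.values()), [])
    return {node: lst for node, lst in lists.items() if lst != reference}


def _conf(bind_ip: str, servers: str) -> str:
    # Constructed sample: the [DEFAULT] lines from step 2 plus the cache filter.
    return """[DEFAULT]
bind_ip = %s
bind_port = 443
cert_file = /etc/swift/cert.crt
key_file = /etc/swift/cert.key

[filter:cache]
use = egg:swift#memcache
memcache_servers = %s
""" % (bind_ip, servers)


SAME_SEQUENCE = "192.168.1.20:11211,192.168.1.21:11211,192.168.1.22:11211"
NODE_CONFS = {
    "node1": _conf("192.168.1.20", SAME_SEQUENCE),
    "node2": _conf("192.168.1.21", SAME_SEQUENCE),
    # node3 lists the same servers but in a different sequence.
    "node3": _conf("192.168.1.22", "192.168.1.21:11211,192.168.1.20:11211,192.168.1.22:11211"),
}
# A proxy left at the Table 18.1 defaults: plain HTTP on 127.0.0.1:8080.
HTTP_ONLY_CONF = "[DEFAULT]\nbind_port = 8080\n"

if __name__ == "__main__":
    for node, text in NODE_CONFS.items():
        print(node, "HTTPS findings:", https_problems(text) or "none")
    print("nodes with a differing memcache_servers sequence:", memcache_mismatches(NODE_CONFS))
    print("HTTP-only proxy findings:", https_problems(HTTP_ONLY_CONF))
```

Run it against the real /etc/swift/proxy-server.conf from each node by reading the files into the dictionary in place of the constructed samples. Two points the page's steps imply but do not spell out: cert.key should be readable only by the swift user, and a self-signed cert.crt must be distributed to and trusted by the clients, otherwise their TLS validation fails.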