By default, the proxy server only handles HTTP requests. To configure the proxy server to process HTTPS requests, perform the following steps:
- Create a self-signed certificate for SSL using the following commands:
```
cd /etc/swift
openssl req -new -x509 -nodes -out cert.crt -keyout cert.key
```
- Add the following lines to /etc/swift/proxy-server.conf under [DEFAULT]:
```
bind_port = 443
cert_file = /etc/swift/cert.crt
key_file = /etc/swift/cert.key
```
- Restart the servers using the following commands:
```
swift-init main stop
swift-init main start
```
The following are the configurable options:
Table 18.1. Proxy Server - Configurable Default Options
| Option | Default | Description |
|---|---|---|
| bind_ip | 127.0.0.1 | IP address for the server to bind. |
| bind_port | 8080 | Port for the server to bind. |
| swift_dir | /etc/swift | Swift configuration directory. |
| workers | 1 | Number of workers to fork. |
| user | swift | Swift user. |
| cert_file | | Path to the ssl.crt file. |
| key_file | | Path to the ssl.key file. |
Note
You must change the bind_ip default value to the external IP address of the machine so that the server binds to it. Otherwise, remote clients cannot use the native swift client (/usr/bin/swift), because the proxy builds the wrong URL in X-Storage-Url.
Table 18.2. Proxy Server - Configurable Server Options
| Option | Default | Description |
|---|---|---|
| use | egg:swift#container | Entry point for paste.deploy for the container server. |
| log_name | proxy-server | Label used when logging. |
| log_facility | LOG_LOCAL0 | Syslog log facility. |
| log_level | INFO | Log level. |
| log_headers | True | If True, log headers in each request. |
| recheck_account_existence | 60 | Cache timeout in seconds to send memcached for account existence. |
| recheck_container_existence | 60 | Cache timeout in seconds to send memcached for container existence. |
| object_chunk_size | 65536 | Chunk size to read from object servers. |
| client_chunk_size | 65536 | Chunk size to read from clients. |
| memcache_servers | 127.0.0.1:11211 | Comma separated list of memcached servers ip:port. |
| node_timeout | 10 | Request timeout to external services. |
| client_timeout | 60 | Timeout to read one chunk from a client. |
| conn_timeout | 0.5 | Connection timeout to external services. |
| error_suppression_interval | 60 | Time in seconds that must elapse since the last error for a node to be considered no longer error limited. |
| error_suppression_limit | 10 | Error count to consider a node error limited. |
| allow_account_management | false | Whether account PUTs and DELETEs are even callable. |
Enabling Distributed Caching with Memcached
When Object Storage is deployed on two or more machines, not all nodes in your trusted storage pool are used. Installing a load balancer lets you use all the nodes in your trusted storage pool by distributing the proxy server requests equally to all storage nodes.
You must configure the proxy servers on all the nodes to use a distributed memcached so that the authentication token is shared across all the storage nodes. Edit the memcache_servers option in proxy-server.conf and list all memcached servers.
Following is an example listing the memcached servers in the proxy-server.conf file:
```
[filter:cache]
use = egg:swift#memcache
memcache_servers = 192.168.1.20:11211,192.168.1.21:11211,192.168.1.22:11211
```
The memcached server listens on port 11211. Use the same server sequence in the proxy-server.conf file on every node.
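The settings above are easy to get half right: bind_ip left at its loopback default, a cert_file without a key_file, or a memcache_servers list in a different order on one node. The following script is an added example (not part of the Swift or Red Hat Storage documentation) that parses a proxy-server.conf with the standard-library configparser and reports those inconsistencies; the sample configuration embedded in it is constructed, and the check_proxy_conf and memcache_servers function names are this example's own.

```python
"""Sanity-check a Swift proxy-server.conf for the HTTPS, bind_ip and
memcached settings discussed above (added illustration, not project code)."""
import configparser
from typing import List, Optional

# Constructed sample configuration: a proxy-server.conf after the HTTPS and
# distributed-memcached edits, but with bind_ip still at its loopback default.
SAMPLE_CONF = """\
[DEFAULT]
bind_ip = 127.0.0.1
bind_port = 443
cert_file = /etc/swift/cert.crt
key_file = /etc/swift/cert.key
user = swift
workers = 1

[pipeline:main]
pipeline = healthcheck cache proxy-server

[app:proxy-server]
use = egg:swift#proxy
log_name = proxy-server

[filter:cache]
use = egg:swift#memcache
memcache_servers = 192.168.1.20:11211,192.168.1.21:11211,192.168.1.22:11211
"""


def parse_conf(text: str) -> configparser.RawConfigParser:
    """Parse a paste.deploy-style ini file. RawConfigParser is used so that
    values such as 'egg:swift#proxy' are not subjected to interpolation."""
    cp = configparser.RawConfigParser()
    cp.read_string(text)
    return cp


def memcache_servers(cp: configparser.RawConfigParser) -> List[str]:
    """Return the memcache_servers entries in file order. Order matters:
    every proxy node must list the servers in the same sequence."""
    raw = cp.get("filter:cache", "memcache_servers", fallback="127.0.0.1:11211")
    return [s.strip() for s in raw.split(",") if s.strip()]


def check_proxy_conf(text: str,
                     expected_memcache: Optional[List[str]] = None) -> List[str]:
    """Return human-readable findings; an empty list means the settings
    covered by the text above are consistent with each other."""
    cp = parse_conf(text)
    defaults = cp["DEFAULT"]
    findings: List[str] = []

    # Note: a loopback bind_ip makes the proxy build a loopback X-Storage-Url.
    bind_ip = defaults.get("bind_ip", "127.0.0.1")
    bind_port = int(defaults.get("bind_port", "8080"))
    if bind_ip == "127.0.0.1":
        findings.append("bind_ip: loopback default; remote clients will receive "
                        "a loopback X-Storage-Url")

    # HTTPS: SSL is only enabled when cert_file and key_file are both set.
    cert = defaults.get("cert_file")
    key = defaults.get("key_file")
    if bind_port == 443 and not (cert and key):
        findings.append("bind_port 443 but cert_file and key_file are not both "
                        "set; the proxy would not serve SSL on that port")
    elif bool(cert) != bool(key):
        findings.append("cert_file and key_file must be set together")

    # Distributed memcached: each entry is ip:port, same sequence on all nodes.
    servers = memcache_servers(cp)
    for entry in servers:
        host, sep, port = entry.rpartition(":")
        if not sep or not host or not port.isdigit():
            findings.append(f"memcache_servers: malformed entry {entry!r} "
                            "(expected ip:port)")
    if expected_memcache is not None and servers != expected_memcache:
        findings.append("memcache_servers: sequence differs from the other "
                        "nodes; tokens would be looked up on different servers")
    return findings


if __name__ == "__main__":
    for line in check_proxy_conf(SAMPLE_CONF) or ["no findings"]:
        print(line)
```

Run it against the real file with `check_proxy_conf(open("/etc/swift/proxy-server.conf").read(), expected_memcache=...)` on each node, passing the list taken from one reference node, to confirm every proxy uses the same memcached sequence.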