how to configure openstack swift proxy with nginx - openstack-swift

How to configure open stack swift proxy with Nginx? Basically I want to upload large file to swift storage node through swift proxy without REST interface.
Is it possible to upload a file with out REST interface?

I wouldn't say it's impossible but it's HIGHLY undesirable. When you upload a file to swift it does a lot of operation to ensure durability and consistency. It would so much effort it's not a good idea.
What is your specific reason for that? On our cluster, we use Nginx doing reverse proxy to swift proxy without any big issue.
This conf can do the basics so Nginx will only reverse proxy to your swift proxy:
location / {
root html;
proxy_pass http://localhost:8081;
proxy_http_version 1.1;
proxy_set_header Connection "";
}
PS: the above exemple is really the essentials. You can improv it A LOT, according to your needs.

Related

Can Vapor 4 serve both HTTP and HTTPS requests in the same application?

I have a Vapor 4 app which is successfully serving HTTPS requests with no issues.
I would like it to also respond to HTTP requests on a custom port number, which will be for providing some back-end control and monitoring hooks that are called by other services on the same server, and won't be publicly reachable.
When I search Google and browse the Vapor docs for how to do this, I only get results for a very old version of Vapor, using a configuration file to specify HTTP/HTTPS server and port configurations.
Does anyone know if this type of configuration be done on Vapor 4?
Cheers and thanks in advance!
No Vapor 4 cannot serve different protocols on the same port/application. The easiest way around is to run two instances of the application, one for each. Or just get the internal traffic to use HTTPS.
Another option would be to stick Nginx in front or similar

Recommended way of serving static content like videos/images on k8s

I'm pretty green with Kubernetes but have some experience with Google Container Engine. I'm struggling to find a good solution for serving media content from applications.
I've currently got media stored in a public bucket on Google Cloud Platform, and i'm running an NGINX proxy on local to take any path /images to the bucket for example:
location /videos {
proxy_pass https://storage.googleapis.com/bucket-name/videos;
proxy_intercept_errors on;
error_page 500 502 503 504 404 = #localmedia;
}
What way would you recommend to serve media content on applications running on k8s?
If you need to serve static files form Google Cloud Storage the best way is to use directly the custom domain bucket feature no use K8S.
https://cloud.google.com/storage/docs/hosting-static-website
Basically you need to create your bucket as public with the name of the domain or subdomain you want to use and pint it as a CNAME to the special domain c.storage.googleapis.com
With that said, what is the main reason to use k8s?

Use haproxy as a reverse proxy with an application behind Internet proxy

I need to integrate several web applications on-premise and off-site under a common internally hosted URL. The on-premise applications are in the same data center as the haproxy, but the off-site applications can only be reached via a http proxy because the server on which haproxy is running has no direct Internet access. Therefore I have to use a http Internet proxy, SOCKS might be an option too.
How can I tell haproxy that a backend can only be reached via proxy ?
I would rather not use an additional component like socksify / proxifier / proxychains / tsocks / ... because this introduces additional overhead.
This picture shows the components involved in the setup:
When I run this on a machine with direct Internet connection I can use this config and it works just fine:
frontend main
bind *:8000
acl is_extweb1 path_beg -i /policies
acl is_extweb2 path_beg -i /produkte
use_backend externalweb1 if is_extweb1
use_backend externalweb2 if is_extweb2
backend externalweb1
server static www.google.com:80 check
backend externalweb2
server static www.gmx.net:80 check
(Obviously these are not the URLs I am talking to, this is just an example)
Haproxy is able to check the external applications and routes traffic to them:
In the safe environment of the company I work at I have to use a proxy and haproxy is unable to connect to the external applications.
How can I enable haproxy to use those external web application servers behind a http proxy (no authentication needed) while providing access to them through a common http page / via browser ?
How about to use delegate ( http://delegate.org/documents/ ) for this, just as an idea.
haproxy -> delegate -f -vv -P127.0.0.1:8081 PROXY=<your-proxy>
http://delegate9.org/delegate/Manual.shtml?PROXY
I know it's not that elegant but it could work.
I have tested this setup with a local squid and this curl call
echo 'GET http://www.php.net/' |curl -v telnet://127.0.0.1:8081
The curl call simluates the haproxy tcp call.
I was intrigued to make it work but i really could not find anything in the haproxy documentation, so i googled a bit and found that nginx might do the trick, but it didn't for me, after a bit more of googleing i ended up finding a configuration for apache that works.
here is the important part:
Listen 80
SSLProxyEngine on
ProxyPass /example/ https://www.example.com/
ProxyPassReverse /example/ https://www.example.com/
ProxyRemote https://www.example.com/ http://corporateproxy:port
ProxyPass /google/ https://www.google.com/
ProxyPassReverse /google/ https://www.google.com/
ProxyRemote https://www.google.com/ http://corporateproxy:port
i'm quite sure there should be a way to translate this configuration to nginx and even to haproxy... if i manage to find the time i will update the answer with my findings.
for apache to work you should also enable a few modules, i put up a github repository with a basic docker configuration that showcases feel free to have a look at that to see the full working configuration.

SSL offloading / redirecting specific URLs using HAproxy?

I have a working setup using a hardware load balancer that controls redirection in such a fashion that all requests to http://example.com/login/* are redirected (using HTTP 302) to https://example.com/login/* and all requests that are NOT for /login are inversely redirected from HTTPS to HTTP.
This allows me to wrap the login functions and user/password exchange in SSL but otherwise avoid slowing connections with encryption and also solving some problems with embedded content mixed content warnings in some browsers.
The load balance, however, is end of life and I am looking for a replacement solution, preferably in software.
I think HAproxy is going to be able to serve as my load balacing solution, but I have only been able to find configuration examples and documentation for redirecting everything from HTTP to HTTPS, or vice versa.
Is it possible to do what I am proposing using HAproxy or should I look for a different solution?
I realize I will need to use the development version of HAproxy to support SSL at all.
I would suggest you do not use a DEV build for your production environment.
To answer your question, I would assume you're going to use HAProxy version 1.4:
Is it possible to do what I am proposing using HAProxy or should I look for a different solution?
Yes. It is possible but you have to use another software to handle the HTTPS traffic. Stunnel is proven to be good in this. So I'd say the setup is going to be:
HAProxy 1.4
# Redirect http://../login to https://../login
frontend HTTPSRedirect
bind 1.2.3.4:80
default_backend AppServers
redirect prefix https://www.domain.com/login if { path_beg -i /login }
# Handler for requests coming from Stunnel4.
frontend HTTPReceiver
bind 5.6.7.8:80
default_backend AppServers
Stunnel4
[https]
accept=443
connect=5.6.7.8:80 (HAProxy IP)

Accessing couchdb futon thru https

I've got a problem accessing futon interface when it is proxied using nginx.
This config works fine when http protocol is used, but when I try to use
https, I constantly receive no_db_file errors (but operations succeed,
e.g. I can create databases, insert values, etc.)
location / {
proxy_pass http://127.0.0.1:5984;
}
What can I do to make it work correctly using https protocol?
I have used Apache proxying to proxy https to http to do https on CouchDB: http://wiki.apache.org/couchdb/Apache_As_a_Reverse_Proxy
I have found that a trailing slash on the URL affects whether or not https proxying works. Maybe it affects Nginx the same way?
That's not bad! At least you have a working link between nginx and CouchDB.
no_db_file is CouchDB's 404 response when a database (the first thing after the slash) is not there. Check the logs and see what path CouchDB actually received in the query. It may be one of the AJAX calls that Futon does; but whatever it is, the logs will say.