Bug 1293943 - SSL For Endpoints on the Internal Network
Summary: SSL For Endpoints on the Internal Network
Keywords:
Status: CLOSED DUPLICATE of bug 1336504
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: pyOpenSSL
Version: 7.0 (Kilo)
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: ---
: ---
Assignee: Nathan Kinder
QA Contact: Shai Revivo
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2015-12-23 15:52 UTC by Jeremy
Modified: 2019-10-10 10:46 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-02-09 23:59:15 UTC
Target Upstream Version:
Embargoed:


Attachments
sample haproxy.conf from one of the controllers (7.92 KB, text/plain)
2015-12-23 15:52 UTC, Jeremy

Description Jeremy 2015-12-23 15:52:37 UTC
Created attachment 1108979
sample haproxy.conf from one of the controllers

Description of problem:

We currently have SSL implemented via haproxy for horizon and keystone for public VIP. We want to make sure that the internal API endpoints are also using SSL to secure sensitive communication. If an authorized user, let's say a sysadmin, logs into a node on a cluster, that person can see and capture information that is passed in the clear to API endpoints.

We would like to make sure that internal APIs are being used over SSL.

browser - (https)-> horizon -(http) -> internal API(s)
CLI -(https)-> keystone pub haproxy -(http)->internal keystone API

Needs to be:
browser - (https)-> horizon -(httpS) -> internal API(s)
CLI -(https)-> keystone pub haproxy -(httpS)->internal keystone API




Additional info:

Comment 3 Nathan Kinder 2017-02-09 23:59:15 UTC

*** This bug has been marked as a duplicate of bug 1336504 ***
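
One way to check a deployment for the gap described in the report above is to audit the Keystone service catalog for internal and admin endpoints that are still registered with an `http://` URL. This is an added example, not part of the original report or of any Red Hat tooling; the sample catalog, host names, addresses and function name are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Constructed sample in the shape of a Keystone v3 token catalog
# (a list of services, each with a list of endpoints). It mirrors the
# report: public endpoints use https, internal ones mostly do not.
SAMPLE_CATALOG = json.loads("""
[
  {"type": "identity", "name": "keystone", "endpoints": [
    {"interface": "public",   "url": "https://cloud.example.test:13000/v3"},
    {"interface": "internal", "url": "http://172.16.2.10:5000/v3"},
    {"interface": "admin",    "url": "http://192.0.2.10:35357/v3"}]},
  {"type": "compute", "name": "nova", "endpoints": [
    {"interface": "public",   "url": "https://cloud.example.test:13774/v2.1"},
    {"interface": "internal", "url": "HTTP://172.16.2.10:8774/v2.1"}]},
  {"type": "image", "name": "glance", "endpoints": [
    {"interface": "internal", "url": "https://172.16.2.10:9292"}]}
]
""")


def cleartext_endpoints(catalog, interfaces=("internal", "admin")):
    """Return (service, interface, url) for each endpoint on the given
    interfaces whose URL scheme is anything other than https."""
    findings = []
    for service in catalog:
        name = service.get("name") or service.get("type", "unknown")
        for ep in service.get("endpoints", []):
            if ep.get("interface") not in interfaces:
                continue
            url = ep.get("url", "")
            # urlsplit normalises the scheme to lower case, so "HTTP://"
            # is caught; a missing or malformed URL is reported as well.
            if urlsplit(url).scheme != "https":
                findings.append((name, ep["interface"], url))
    return findings


if __name__ == "__main__":
    for name, interface, url in cleartext_endpoints(SAMPLE_CATALOG):
        print(f"cleartext {interface} endpoint for {name}: {url}")
```

A catalog that passes this check only shows that the endpoints are registered as https; the proxy-to-service hop behind each endpoint still has to be verified separately.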

