Securing Swift API Service Endpoints

In a previous post I wrote about OpenStack Object Storage (Swift). This post covers securing the Object Storage service API endpoints in an OpenStack Queens environment (configuring OpenSSL).

Assume you have Swift API service endpoints in https, as mentioned below.

Assume you have a certificate and key file as mentioned below:

Certificate file – openstack.crt and key file – openstack.key

Steps to Configure SSL for Swift Service API endpoints

sudo nano /etc/swift/proxy-server.conf


[DEFAULT]
cert_file = /etc/apache2/ssl/openstack.crt
key_file = /etc/apache2/ssl/openstack.key


[filter:authtoken]
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
www_authenticate_uri = https://controller:5000
auth_url = https://controller:5000
memcached_servers = controller:11211
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = swift
password = root
delay_auth_decision = True
auth_protocol = https
# insecure = true disables verification of Keystone's TLS certificate by the auth_token middleware
insecure = true

After making the changes in proxy-server.conf, restart the memcached and Swift services on all nodes.

Check the OpenSSL configuration with swift stat --insecure

Note: The minimum requirement for this configuration is a working Keystone and Swift environment. Before issuing commands with the swift or OpenStack client, source the credentials for authentication (. admin-openrc).
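To review the edited proxy-server.conf before restarting the services, the following added example (not part of the original post or of Swift itself) parses the file and reports the TLS-related settings discussed above. The function name audit_proxy_conf and the embedded sample are assumptions constructed for illustration.

```python
import configparser

# Constructed sample mirroring the settings shown in this post.
SAMPLE_CONF = """\
[DEFAULT]
cert_file = /etc/apache2/ssl/openstack.crt
key_file = /etc/apache2/ssl/openstack.key

[filter:authtoken]
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
www_authenticate_uri = https://controller:5000
auth_url = https://controller:5000
insecure = true
"""

TRUE_VALUES = {"1", "true", "yes", "on"}


def audit_proxy_conf(text):
    """Return a list of (level, message) findings for a proxy-server.conf."""
    cfg = configparser.ConfigParser(interpolation=None, strict=False)
    cfg.read_string(text)
    findings = []

    # The proxy's own TLS listener needs both files in [DEFAULT].
    defaults = cfg.defaults()
    if not defaults.get("cert_file") or not defaults.get("key_file"):
        findings.append(("ERROR", "cert_file and key_file must both be set in [DEFAULT]"))

    section = "filter:authtoken"
    if not cfg.has_section(section):
        findings.append(("ERROR", "[filter:authtoken] section is missing"))
        return findings

    auth = cfg[section]
    for opt in ("www_authenticate_uri", "auth_url"):
        value = auth.get(opt, "")
        if not value.startswith("https://"):
            findings.append(("ERROR", f"{opt} is not an https:// URL: {value!r}"))

    # insecure = true makes the middleware skip Keystone certificate checks.
    if auth.get("insecure", "false").strip().lower() in TRUE_VALUES:
        findings.append(("WARN", "insecure = true: Keystone certificate is not verified"))
    return findings


if __name__ == "__main__":
    for level, message in audit_proxy_conf(SAMPLE_CONF):
        print(f"{level}: {message}")
```

To check a real node, pass the contents of /etc/swift/proxy-server.conf to audit_proxy_conf instead of the sample.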