s0 Is Not A SysadminNov 16

This is a cry for help.

Has anybody on Fedi put OpenStack Swift behind an nginx reverse proxy successfully before?

All the docs seem to suggest it should “just work” but I get 401s on preflight checks to upload media through the reverse proxy, and it works fine direct. I’m forwarding the X-Real-IP etc and swift is recognising that.

My next step is to just futz around with the proxy forward headers in the hope that something will help, but I can’t find any docs to actually address this situation. It’s weird.

Also this is a legacy system running an old version from 2014, so that might contribute. The goal is to have the up-to-date nginx RP doing SSL termination so as to change as little as possible of the config in this legacy mess.

Show threadmr_daemonNov 17

@s0 I did it previously when my provider (ovh) did not have S3 compatible and just old crusty Swift (probably also from the same era tbh) available in the region where I ran my static content server.

Looking back at my then config in git history, the only special things were that I _had_ to disable ssl verification, and set the "Connection" and "Authorization" headers to an empty string ("").

Past that it was just proxy_pass to full endpoint, with proxy_intercept_errors off, and hiding some response headers (Access-Control-Allow-* stuff).

I also added the Access-Control-Allow-Origin header set to "*" in responses, but i don't think that matters here specifically

Show threads0 Is Not A Sysadmin

@mr_daemon yeah I’ve definitely already fucked with the access control allow headers. But yeah they’re a later stage problem

When you say changing the Connection and Authorization headers, were you running to swift with an internal stub SSL? My internal swift server is HTTP only currently but I could try enabling HTTPS on it and reverse proxying re-wrap into that ?

Nov 17 at 3:28amWeb
Show threadmr_daemonNov 17
@s0 I did use ssl on the swift endpoint, but I don't imagine straight http would be an issue, as long as you also do `proxy_set_header X-Forwarded-Proto https`