On 21/06/12 09:27, Joseph Heck wrote:
> Honestly the only reason is that I've heard some fairly direct feedback that
> port 5000 is that MS uPnP port and hence blocked by many corporate entities,
> so it's just a matter of a PITA and a slight bump in setup for those groups.
> Thought to honestly register another port with IANA like 35357 and put it in
> place - wanted to see if anyone screamed first.

Disclaimer: I've never used keystone with nova, only swift user here!

Are you using keystone with SSL? It's recommended you use an SSL terminator instead of the Python SSL implementation, so you're using port 5000 in localhost only:

keystone (127.0.0.1:5000) HTTP -> SSL terminator* (public-ip:443) -> HTTPS <- Client requests

* i.e. Pound http://www.apsis.ch/pound/

If you're not using SSL I guess it makes sense to use an HTTP proxy too because of security reasons. Running nginx/apache or something like that in front of keystone looks like a reasonable thing to do, because it will sanitise any malformed request.

So I think using port 5000 is not a problem because it shouldn't be used directly in production; unless I'm missing something!

Kind regards,

Juan
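The layout described in the message above, sketched as an nginx TLS-terminating reverse proxy. This is an added example, not part of the original post or of the keystone project; the hostname, certificate paths and body-size limit are placeholders, and it assumes keystone has been configured to listen on 127.0.0.1:5000 only.

```nginx
# Added example with constructed values. Place inside the http { } context.
# Assumption: keystone listens on 127.0.0.1:5000 and is not reachable
# from any other interface.
server {
    # Public side: clients only ever speak HTTPS on 443.
    listen 443 ssl;
    server_name keystone.example.org;                            # placeholder

    ssl_certificate     /etc/nginx/tls/keystone.example.org.crt; # placeholder
    ssl_certificate_key /etc/nginx/tls/keystone.example.org.key; # placeholder
    ssl_protocols       TLSv1.2 TLSv1.3;

    # The proxy parses each request before forwarding it, so requests
    # nginx cannot parse are rejected here and never reach the Python
    # service. Cap the body size as well (placeholder limit).
    client_max_body_size 1m;

    location / {
        # Private side: plain HTTP to keystone over loopback only.
        proxy_pass http://127.0.0.1:5000;

        # Pass the original host, client address and scheme upstream.
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-For   $remote_addr;
        proxy_set_header X-Forwarded-Proto https;
    }
}
```

After reloading nginx, `ss -ltn` should show port 5000 bound to 127.0.0.1 only and port 443 on the public address.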