Details
Improvement
Resolution: Fixed
Minor
None
None
ANY
Description
Hello,
We are proceeding to the next steps of a prototype deployment of the gateway publishing system. Previously we had a small self-contained system in one private network, but now the connection from the publishers to the gateway server will cross different networks. We anticipate there will be more publishing groups, each of which will manage their own publishing node in different places, so the gateway will need to listen on a public IP address. The gateway listening on port 4929 should have support for using a TLS certificate to secure the connection, so that the secret API key is not transmitted in plain text using HTTP over a public network.
This will make it possible for publishing systems to connect securely to a gateway server from anywhere. Preferably we could specify file locations e.g. in /etc/cvmfs/gateway/certificates/ for the gateway to read the private key and public certificate to use.
Thanks!