HTTP Proxy Support for Glance S3 Driver

Currently the S3 store does not allow operators to connect to an S3 backend through a proxy. This can create limitations on the ability to connect to the S3 backend securely from a different network. I propose to add the option to use a proxy to connect to an S3 backend.

Problem description

If glance store is configured to use the S3 backend and the backend is behind a private network and needs to be accessed remotely, there is no secure way to access the S3 backend securely.

Proposed change

Boto, the library that is used to make the connection to the S3 backend, already supports proxy configurations. I propose that we enable the connection to accept additional config options to give users the option to connect through a proxy.

The following configurations would be added:

  • s3_store_enable_proxy: Enables the use of a proxy

  • s3_store_proxy_host: The proxy server (required when proxy is enabled)

  • s3_store_proxy_port: The port to connect to the proxy

  • s3_store_proxy_user: The username of the proxy connection.

  • s3_store_proxy_password: The password to be used to connect through the proxy.


The user can use system wide proxy parameters, but would limit the ability to connect from an outside network.

Data model impact


REST API impact


Security impact

This would introduce security settings to be modified by user. The ability to connect through a proxy will provide a good way to secure connections.

Notifications impact


Other end user impact

This introduces proxy configuration options in the store configuration.

Performance Impact


Other deployer impact

This change will have to be explicitly configured in the store options.

Developer impact




Primary assignee:



Core reviewer(s):

flaper87 sigmavirus24

Other reviewer(s):


Work Items

  • Add configurations (proxy name, port, user, password, default number of retries to S3, etc).

  • Modify connections made to S3 to optionally accept proxy parameters.

  • Create additional unit tests for connections made to the S3 backend using a proxy.




Unit testing will be needed for testing proxy connection.

Documentation Impact

Documentation for the S3 store will need to be updated to include proxy opts.