Add a --s3-unencrypted-connection option to connect to S3 with regular HTTP (and not HTTPS)
Bug #433970 reported by
sagi
This bug affects 3 people
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Duplicity |
Fix Released
|
Medium
|
Unassigned | ||
Bug Description
Currently, when backing up to Amazon S3, an HTTPS connection is always used. This introduces a significant overhead and greatly slows down the upload.
It is possible to use regular HTTP connections by editing botobackend.py and passing is_secure=False to the S3Connection constructor, i.e.:
self.conn = S3Connection(
By doing this I managed to backup performance that is several times faster.
It will be nice to be able to do this without editing the code, by passing a parameter to duplicity or setting an environment variable. I assume it won't make the backup less secure as the data is still encrypted.
Related branches
lp:~mbp/duplicity/433970-non-ssl
- duplicity-team: Pending requested
-
Diff: 79 lines (+27/-3)4 files modifiedduplicity.1 (+15/-1)
duplicity/backends/botobackend.py (+4/-2)
duplicity/commandline.py (+4/-0)
duplicity/globals.py (+4/-0)
- duplicity-team: Pending requested
-
Diff: 923 lines (+362/-16) (has conflicts)7 files modifiedCHANGELOG (+19/-0)
dist/setup.py (+1/-1)
duplicity.1 (+15/-1)
duplicity/backends/botobackend.py (+19/-13)
duplicity/commandline.py (+20/-1)
duplicity/globals.py (+4/-0)
po/duplicity.pot (+284/-0)
Revision history for this message
| Martin Pool (mbp) wrote | #1 |
| Changed in duplicity: | |
| assignee: | nobody → Martin Pool (mbp) |
| importance: | Undecided → Medium |
| status: | New → In Progress |
| Changed in duplicity: | |
| status: | In Progress → Fix Committed |
| milestone: | none → 0.6.11 |
| assignee: | Martin Pool (mbp) → nobody |
| Changed in duplicity: | |
| status: | Fix Committed → Fix Released |
| summary: |
- Add an option to connect to S3 with regular HTTP (and not HTTPS) + Add a --s3-unencrypted-connection option to connect to S3 with regular + HTTP (and not HTTPS) |
To post a comment you must log in.
This would be very nice. It is indeed much faster, and will probably have a stronger effect the further you are from the Amazon datacentre. For me (in Australia) it cut the time to restore a particular backup from 40m to 6m.
I believe this would be a safe change: the s3 headers are digitally signed; the user data is either encrypted (or not) at the gpg level. The information exposure if there's a hostile connection somewhere between you and s3 is that they can see you're doing a duplicity backup and what the backup increments are. It seems to me this means the network is trusted as much as Amazon is trusted, which is a reasonable position.