Setting up SSL access
You can configure the dashboard for a simple HTTP deployment or for a secured HTTPS deployment. While the standard installation uses a non-encrypted HTTP channel, you can enable SSL support for the dashboard.
Setting up SSL access provides secure access between the client and our OpenStack Object Storage environment, in exactly the same way that SSL provides secure access to any other web service. To do this, we configure our proxy server with SSL certificates.
To begin with, log in to our Swift server.
How to achieve it…
Configuration of OpenStack Object Storage to secure communication between the client and the proxy server is done as follows:
- In order to provide SSL access to our proxy server, we first create the certificates, as follows:
sudo openssl req -new -x509 -nodes -out cert.crt -keyout cert.key
- We need to answer the following questions that the certificate process asks us:
- Once created, we can configure our proxy server to use the certificate and key by editing the /etc/swift/proxy-server.conf file:
bind_port = 443
cert_file = /etc/swift/cert.crt
key_file = /etc/swift/cert.key
- With this in place, we can restart the proxy server, using the swift-init command, to pick up the change:
sudo swift-init proxy-server restart
How it works…
Configuring OpenStack Object Storage to use SSL involves configuring the proxy server to use SSL. We first configure a self-signed certificate using the openssl command, which asks for various fields to be filled in. An important field is the Common Name field. Put in the fully qualified domain name (FQDN hostname) or IP address that you would use to connect to the Swift server.
Once that has been done, we specify the port that we want our proxy server to listen on. As we are configuring an SSL HTTPS connection, we will use the standard TCP port 443 that HTTPS defaults to. We also specify the certificate and key that were created in the first step, so that when a request is made, the proxy server presents the certificate to the client (the private key stays on the server) to allow secure data transfer.
With this in place, we then restart our proxy server to listen on port 443.
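A check worth running before the restart, as an added example that is not part of the original recipe or of Swift itself: it reads proxy-server.conf and reports a wrong bind_port, a missing cert_file or key_file, two settings run together on one line, a path that does not exist, and a private key that other users can access. The function name check_proxy_tls is hypothetical, and the script assumes the three settings live in the [DEFAULT] section of the file.

```python
import configparser
import os
import stat
import sys


def check_proxy_tls(conf_path):
    """Return a list of problems with the TLS settings in proxy-server.conf."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    try:
        if not parser.read(conf_path):
            return [f"cannot read {conf_path}"]
    except configparser.Error as exc:
        return [f"cannot parse {conf_path}: {exc}"]
    # Assumption: the three settings live in the [DEFAULT] section.
    defaults = parser.defaults()
    problems = []
    if defaults.get("bind_port", "").strip() != "443":
        problems.append("bind_port is not 443")
    for option in ("cert_file", "key_file"):
        value = defaults.get(option, "").strip()
        if not value:
            problems.append(f"{option} is not set")
        elif "=" in value or any(ch.isspace() for ch in value):
            # Two settings fused onto one line parse as a single long value.
            problems.append(f"{option} holds more than a path: {value!r}")
        elif not os.path.isfile(value):
            problems.append(f"{option} points to a missing file: {value}")
        elif option == "key_file":
            mode = stat.S_IMODE(os.stat(value).st_mode)
            if mode & stat.S_IRWXO:
                problems.append(f"key_file is accessible to other users (mode {mode:o})")
    return problems


if __name__ == "__main__":
    # Default path is the file edited in the recipe; pass another path to override.
    path = sys.argv[1] if len(sys.argv) > 1 else "/etc/swift/proxy-server.conf"
    found = check_proxy_tls(path)
    for problem in found:
        print("PROBLEM:", problem)
    sys.exit(1 if found else 0)
```

The script exits non-zero when it finds a problem, so it can gate the swift-init restart in a deployment script.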