Mindmajix

Setting up SSL access

You can configure the dashboard for a simple HTTP deployment.

You can configure the dashboard for a secured HTTPS deployment. While the standard installation uses a non-encrypted HTTP channel, you can enable SSL support for the dashboard.

Setting up SSL access provides secure access between the client and our OpenStack Object Storage environment. It is exactly the same way in which SSL provides secure access to any other web service. To do this, we configure our proxy server with SSL certificates.

Getting ready..

To begin with, log in to our swift server.

How to achieve it…

Configuration of OpenStack Object Storage to secure communication between the client and the proxy server is done as follows:

  • In order to provide SSL access to our proxy server, we first create the certificates, as follows:

cd /etc/swift

sudo openssl req -new -x509 -nodes -out cert.crt -keyout cert.key

  • We need to answer the following questions that the certificate process asks us:

Screenshot_109

  • Once created, we can configure our proxy server to use the certificate and key by

editing the /etc/swift/proxy-server.conf file:

bind_port = 443

cert_file = /etc/swift/cert.crt key_file = /etc/swift/cert.key

  • With this in place, we can restart the proxy server, using the swift-init command, to pick up the change:

sudo swift-init proxy-server restart

How it works…

Configuring OpenStack Object Storage to use SSL involves configuring the proxy server to use SSL. We first configure a self-signed certificate using the openssl command, which asks for various fields to be filled in. An important field is the Common Name field. Put in the fully qualified domain name (FQDN hostname) or IP address that you would use to connect to the Swift server.

Once that has been done, we specify the port, that we want our proxy server to listen on. As we are configuring an SSL HTTPS connection, we will use the standard TCP port 443 that HTTPS defaults to. We also specify the certificate and key that was created in the first step, so when a request is made, this information is presented to the end user to allow secure data transfer.

With this in place, we then restart our proxy server to listen on port 443.

http://docs.openstack.org/security-guide/secure-communication/secure-reference-architectures.html


0 Responses on Setting up SSL access"

Leave a Message

Your email address will not be published. Required fields are marked *

Copy Rights Reserved © Mindmajix.com All rights reserved. Disclaimer.
Course Adviser

Fill your details, course adviser will reach you.