Blog

Setting up SSL access-Openstack

  • (4.0)
  • | 801 Ratings |
  • Last Updated June 29, 2017

You can configure the dashboard for a simple HTTP deployment.
You can configure the dashboard for a secured HTTPS deployment. While the standard installation uses a non-encrypted HTTP channel, you can enable SSL support for the dashboard.
Setting up SSL access provides secure access between the client and our OpenStack Object Storage environment. It is exactly the same way in which SSL provides secure access to any other web service. To do this, we configure our proxy server with SSL certificates.

Getting ready..

To begin with, log in to our swift server.

To gain in-depth knowledge and be on par with practical experience, then explore  OpenStack Training course.

How to achieve it…

Configuration of OpenStack Object Storage to secure communication between the client and the proxy server is done as follows:

1. In order to provide SSL access to our proxy server, we first create the certificates, as follows:
 cd /etc/swift
 sudo openssl req -new -x509 -nodes -out cert.crt -keyout cert.key

2. We need to answer the following questions that the certificate process asks us:

3. Once created, we can configure our proxy server to use the certificate and key by
 editing the /etc/swift/proxy-server.conf file:
 bind_port = 443
 cert_file = /etc/swift/cert.crt key_file = /etc/swift/cert.key

4. With this in place, we can restart the proxy server, using the swift-init command, to pick up the change:
sudo swift-init proxy-server restart

 

Explore OpenStack Sample Resumes! Download & Edit, Get Noticed by Top Employers!  Download Now!

How it works…

Configuring OpenStack Object Storage to use SSL involves configuring the proxy server to use SSL. We first configure a self-signed certificate using the openssl command, which asks for various fields to be filled in. An important field is the Common Name field. Put in the fully qualified domain name (FQDN hostname) or IP address that you would use to connect to the Swift server.
Once that has been done, we specify the port, that we want our proxy server to listen on. As we are configuring an SSL HTTPS connection, we will use the standard TCP port 443 that HTTPS defaults to. We also specify the certificate and key that was created in the first step, so when a request is made, this information is presented to the end user to allow secure data transfer.
With this in place, we then restart our proxy server to listen on port 443.
https://docs.openstack.org/security-guide/secure-communication/secure-reference-architectures.html

 

Related Pages:
Openstack Tutorial

Interview Questions:
Openstack Interview Questions

 


Subscribe For Free Demo

Free Demo for Corporate & Online Trainings.