On 06/06/2025 at 11:41:46+0000, Michael Worsham wrote
Hi, 

> 
> service_type: rgw
> service_id: encrypted_rgw
> placement:
>   label: encrypted
>   count_per_host: 1
> networks:
> - your-network/24
> spec:
>   rgw_frontend_port: 8101
>   ssl: true
>   rgw_frontend_ssl_certificate: |
> 
> It should follow the certificate chain your SSL provider gives, generally the
> order would be: Your Certificate → Intermediary Certificate(s) → Root
> Certificate → Private Key

Thanks...but that's not working. 

First I checked (again) the certificates (we use the same certificates and CA
chain on our website).

Then I tried every possible combination (well, not all, I didn't try random
order ;-) )

I checked with openssl that the key is correct against the certificate.

I checked that the yaml is correctly formatted.

But it's not working.

Too much wasted time; I will just run the rgw without ssl. After all, I have a
haproxy in front and it got the certificate without an issue.

But if someone knows where the problem is, I will be glad to know and learn
something.



Thanks again. 

Regards
>  
> 
> 
> Hi everyone.
> 
> I'm trying to configure a RGW for S3.
> 
> I'm currently running reef 18.2.7
> 
> I was able to get the rgw working (= the service is up and listening on the
> correct port) without ssl.
> 
> I'm trying to configure the ssl port and I didn't find the correct syntax
> for that.
> 
> I created a yaml file with something like
> 
>   spec:
>   rgw_frontend_port: 8080
>   zone_endpoints: https://host1:8080, https://host2:8080,etc.
>   ssl: true
>   rgw_frontend_ssl_certificate: |
>     -----BEGIN RSA PRIVATE KEY-----
>     ....
>     -----END RSA PRIVATE KEY-----
>     -----BEGIN CERTIFICATE-----
>     .....
>     -----END CERTIFICATE-----
> 
> or with the whole CA chain
> 
>   spec:
>   rgw_frontend_port: 8080
>   zone_endpoints: https://host1:8080, https://host2:8080,etc.
>   ssl: true
>   rgw_frontend_ssl_certificate: |
>     -----BEGIN RSA PRIVATE KEY-----
>     ....
>     -----END RSA PRIVATE KEY-----
>     -----BEGIN CERTIFICATE-----
>     .....
>     -----END CERTIFICATE-----
>     -----BEGIN CERTIFICATE-----
>     .....
>     -----END CERTIFICATE-----
>     .....
>     -----BEGIN CERTIFICATE-----
>     .....
>     -----END CERTIFICATE-----
> 
> Both are not working; journalctl says
> 
>   ssl_private_key was not found: rgw/cert/obspm/meudon.key
> 
> I found this syntax somewhere on the net
> 
>   spec:
>   rgw_frontend_port: 8080
>   zone_endpoints: https://host1:8080, https://host2:8080,etc.
>   ssl: true
>   ssl_private_key: |
>     -----BEGIN RSA PRIVATE KEY-----
>     ....
>     -----END RSA PRIVATE KEY-----
>   ssl_certificate: |
>     -----BEGIN CERTIFICATE-----
>     .....
>     -----END CERTIFICATE-----
> 
> and I got
> 
> Error EINVAL: ServiceSpec: __init__() got an unexpected keyword argument
> 'ssl_private_key'
> 
> 
> Any clue?
> 
> Regards
> 
> --
> Albert SHIH 🦫 🐸
> France
> Heure locale/Local time:
> ven. 06 juin 2025 10:47:08 CEST
> _______________________________________________
> ceph-users mailing list -- ceph-users@ceph.io
> To unsubscribe send an email to ceph-users-le...@ceph.io
-- 
Albert SHIH 🦫 🐸
Observatoire de Paris
France
Heure locale/Local time:
ven. 06 juin 2025 16:44:45 CEST
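
An added example, not part of the thread and not Ceph code: a small linter for the combined PEM text pasted under rgw_frontend_ssl_certificate, checking it against the ordering given in the quoted reply (certificates first, private key last). The function name lint_bundle and the sample blocks are constructed for illustration; it does not verify that the key matches the certificate and makes no claim about what RGW itself accepts.

```python
import base64
import binascii
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*\n(.*?)\n\s*-----END ([A-Z0-9 ]+)-----",
    re.DOTALL)

def lint_bundle(bundle):
    """Return a list of problems found in a combined certificate/key PEM text."""
    problems, labels = [], []
    for begin, body, end in PEM_BLOCK.findall(bundle):
        labels.append(begin)
        if begin != end:
            problems.append(f"BEGIN {begin} closed by END {end}")
        try:
            base64.b64decode("".join(body.split()), validate=True)
        except binascii.Error:
            problems.append(f"{begin} body is not valid base64")
    # Anything left once the blocks are removed is stray text (e.g. a '.....' line).
    stray = [l for l in PEM_BLOCK.sub("", bundle).splitlines() if l.strip()]
    if stray:
        problems.append(f"{len(stray)} line(s) of text outside PEM blocks")
    keys = [i for i, l in enumerate(labels) if l.endswith("PRIVATE KEY")]
    certs = [i for i, l in enumerate(labels) if l == "CERTIFICATE"]
    if len(keys) != 1:
        problems.append(f"expected 1 private key, found {len(keys)}")
    if not certs:
        problems.append("no CERTIFICATE block")
    # Ordering from the quoted reply: certificate(s) first, private key last.
    if keys and certs and keys[0] < certs[-1]:
        problems.append("private key precedes a certificate")
    return problems

def _pem(label, payload):
    """Build a constructed sample block (placeholder bytes, not real key material)."""
    b64 = base64.b64encode(payload).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return f"-----BEGIN {label}-----\n" + "\n".join(lines) + f"\n-----END {label}-----\n"

LEAF = _pem("CERTIFICATE", b"constructed leaf" * 8)
INTERMEDIATE = _pem("CERTIFICATE", b"constructed intermediate" * 8)
KEY = _pem("RSA PRIVATE KEY", b"constructed key" * 8)

if __name__ == "__main__":
    for name, text in [("cert-first", LEAF + INTERMEDIATE + KEY), ("key-first", KEY + LEAF)]:
        print(name, lint_bundle(text) or "ok")
```
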