Hi Christian,

Thanks for answering!

We solved this with lab services a while back now, and ended up setting up haproxys in front of the CES nodes, and then they handle the SSL encryption to the S3 API.

Thanks
Andi Christiansen

Sent from my iPhone

> On 7 May 2020 at 12:08, Christian Vieser <christian.vie...@1und1.de> wrote:
>
> Hi Andi,
> up to now there are no instructions available on how to enable SSL on the
> Swift/S3 endpoints.
> The only thing is that you can enable SSL on the authentication path. So your
> connection to Swift authentication on port 35357 will be secured and the S3
> authentication arriving at http port 8080 will internally take the SSL path,
> if configured properly. We have successfully done that in a test environment.
> Be sure to use the --pwd-file option with the "mmuserauth service create ..."
> and verify the proxy settings afterwards. It should look like this:
> # mmobj config list --ccrfile proxy-server.conf --section filter:s3token
>
> [filter:s3token]
> auth_uri = https://127.0.0.1:35357/
> use = egg:swift3#s3token
> insecure = true
>
> You can correct wrong settings with
> # mmobj config change --ccrfile proxy-server.conf --section filter:s3token --property insecure --value true
> # mmobj config change --ccrfile proxy-server.conf --section filter:s3token --property auth_uri --value 'https://127.0.0.1:35357/'
>
> Regards,
> Christian
>
> > I have tried what you suggested. mmobj swift base ran fine, but after I
> > have deleted the userauth and try to set it up again with ks-ssl enabled
> > it just hangs:
> >
> > # mmuserauth service create --data-access-method object --type local --enable-ks-ssl
> >
> > Still waiting for it to finish, 15 mins now.. :)
> >
> >> Basically all I need is this:
> >>
> >> https://s3.something.com:8080 which points
> >> to the WAN IP of the CES cluster (already configured and ready)
> >>
> >> and endpoints like this:
> >>
> >> None | keystone | identity | True | public | https://cluster_domain:5000/
> >> RegionOne | swift | object-store | True | public | https://cluster_domain:443/v1/AUTH_%(tenant_id)s
> >> RegionOne | swift | object-store | True | public | https://cluster_domain:8080/v1/AUTH_%(tenant_id)s
> _______________________________________________
> gpfsug-discuss mailing list
> gpfsug-discuss at spectrumscale.org
> http://gpfsug.org/mailman/listinfo/gpfsug-discuss
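The "verify the proxy settings afterwards" step from the quoted reply can be scripted. The following is an added example, not part of the original thread or of any Spectrum Scale tooling: it compares the `[filter:s3token]` section against the two values shown in the reply and prints the matching `mmobj config change` command for each mismatch. The function names `get_prop` and `check_s3token`, the sample input and the `filter:other` section are constructed for illustration.

```shell
#!/bin/sh
# Expected values are the ones shown in the quoted reply above.
EXPECTED_AUTH_URI='https://127.0.0.1:35357/'
EXPECTED_INSECURE='true'

# Constructed sample (not real cluster output): plain-http auth_uri, and
# "insecure" present only in an unrelated, made-up section.
SAMPLE_DRIFTED='[filter:s3token]
auth_uri = http://127.0.0.1:35357/
use = egg:swift3#s3token

[filter:other]
insecure = true'

# get_prop PROPERTY: read "mmobj config list" output on stdin and print the
# value of PROPERTY inside [filter:s3token] only (empty output if missing).
get_prop() {
    awk -v want="$1" '
        /^[ \t]*\[/ { in_sec = ($0 ~ /^[ \t]*\[filter:s3token\]/); next }
        in_sec {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == want) { print val; exit }
        }'
}

# check_s3token: read the section on stdin, print one corrective command per
# mismatching property, and return 0 only when both values match.
check_s3token() {
    conf=$(cat)
    bad=0
    for pair in "auth_uri=$EXPECTED_AUTH_URI" "insecure=$EXPECTED_INSECURE"; do
        prop=${pair%%=*}; want=${pair#*=}
        have=$(printf '%s\n' "$conf" | get_prop "$prop")
        if [ "$have" != "$want" ]; then
            bad=$((bad + 1))
            printf '%s is "%s", expected "%s"; fix with:\n' "$prop" "$have" "$want"
            printf "mmobj config change --ccrfile proxy-server.conf --section filter:s3token --property %s --value '%s'\n" "$prop" "$want"
        fi
    done
    [ "$bad" -eq 0 ]
}

# On a CES node the input would come from the "mmobj config list" command above.
printf '%s\n' "$SAMPLE_DRIFTED" | check_s3token || true
```

The check only compares against the values given in the reply; scoping the lookup to `[filter:s3token]` keeps a same-named property in another section from masking a missing one.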