OpenStack ManualsOpenStack Object Storage Administration Guide  - Grizzly, 2013.1 with Object Storage 1.8.0

  Atom feed of this document
 

 Part I: Setting Up Secure Access

In this part, we'll get the proxy server running with SSL on the Object Storage installation. It's a requirement for using Cyberduck as a client interface to Object Storage.

You will need a key and certificate to do this, which we can create as a self-signed for the tutorial since we can do the extra steps to have Cyberduck accept it. Creating a self-signed cert can usually be done with these commands on the proxy server: 

$ cd /etc/swift
$ openssl req -new -x509 -nodes -out cert.crt -keyout cert.key

Ensure these generated files are in /etc/swift/cert.crt and /etc/swift/cert.key.

You also should configure your iptables to enable https traffic. Here's an example setup that works.

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
76774 1543M ACCEPT     all  --  lo     any     localhost            anywhere            
 416K  537M ACCEPT     all  --  any    any     anywhere             anywhere            state RELATED,ESTABLISHED 
  106  6682 ACCEPT     tcp  --  any    any     anywhere             anywhere            tcp dpt:https 
   13   760 ACCEPT     tcp  --  any    any     anywhere             anywhere            tcp dpt:ssh 
    3   124 ACCEPT     icmp --  any    any     anywhere             anywhere            icmp echo-request 
  782 38880 DROP       all  --  any    any     anywhere             anywhere            

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       all  --  any    any     anywhere             anywhere            

Chain OUTPUT (policy ACCEPT 397K packets, 1561M bytes)
 pkts bytes target     prot opt in     out     source               destination

If you don't have access to the Object Storage installation to configure these settings, ask your service provider to set up secure access for you.

Then, edit your proxy-server.conf file to include the following in the [DEFAULT] sections. 

[DEFAULT]                           
bind_port = 443
cert_file = /etc/swift/cert.crt
key_file = /etc/swift/cert.key

Also, make sure you use https: for all references to the URL for the server in the .conf files as needed.

Verify that you can connect using the Public URL to Object Storage by using the "swift" tool:

$ swift -A https://yourswiftinstall.com:11000/v1.0 -U test:tester -K testing stat

Okay, you've created the access that Cyberduck expects for your Object Storage installation. Let's start configuring the Cyberduck side of things.

Legal notices
loading table of contents...