RepoMirrors/ceph
1
0
Fork 0
mirror of https://github.com/ceph/ceph synced 2025-01-04 10:12:30 +00:00
Code Issues Packages Projects Releases Wiki Activity

doc: Added DNS and SSL dialog.

Browse Source 
Signed-off-by: John Wilkins <john.wilkins@inktank.com>
This commit is contained in:
John Wilkins 2013-11-04 12:50:30 -08:00
parent 698df04606
commit 2bf8ff4b68
1 changed files with 104 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

105
doc/install/install-ceph-gateway.rst
View File

@ -213,7 +213,106 @@ RPM-based Packages
.. _Installing YUM Priorities: ../yum-priorities .. _Installing YUM Priorities: ../yum-priorities
Enable SSL
==========
Some REST clients use HTTPS by default. So you should consider enabling SSL
for Apache. Use the following procedures to enable SSL.
.. note:: You can use self-certified certificates. Some client
APIs check for a trusted certificate authority. You may need to obtain
a SSL certificate from a trusted authority to use those client APIs.
Debian Packages
---------------
To enable SSL for Debian/Ubuntu systems, execute the following steps:
#. Ensure that you have installed the dependencies. ::
sudo apt-get install openssl ssl-cert
#. Enable the SSL module. ::
sudo a2enmod ssl
#. Generate a certificate. ::
sudo mkdir /etc/apache2/ssl
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt
#. Restart Apache. ::
service apache2 restart
See the `Ubuntu Server Guide`_ for additional details.
RPM Packages
------------
To enable SSL for RPM-based systems, execute the following steps:
#. Ensure that you have installed the dependencies. ::
sudo yum install mod_ssl openssl
#. Ensure the SSL module is enabled.
#. Generate a certificate and copy it the appropriate locations. ::
openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt
cp ca.crt /etc/pki/tls/certs
cp ca.key /etc/pki/tls/private/ca.key
cp ca.csr /etc/pki/tls/private/ca.csr
#. Restart Apache. ::
/etc/init.d/httpd restart
See `Setting up an SSL secured Webserver with CentOS`_ for additional details.
Add Wildcard to DNS
===================
To use Ceph with S3-style subdomains (e.g., ``bucket-name.domain-name.com``),
you need to add a wildcard to the DNS record of the DNS server you use with the
``radosgw`` daemon.
.. tip:: The address of the DNS must also be specified in the Ceph
configuration file with the ``rgw dns name = {hostname}`` setting.
For ``dnsmasq``, consider addding the following ``address`` setting with a dot
(.) prepended to the host name::
address=/.{hostname-or-fqdn}/{host-ip-address}
address=/.ceph-node/192.168.0.1
For ``bind``, consider adding the a wildcard to the DNS record::
$TTL 604800
@ IN SOA ceph-node. root.ceph-node. (
2 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS ceph-node.
@ IN A 192.168.122.113
* IN CNAME @
Restart your DNS server and ping your server with a subdomain to
ensure that your Ceph Object Store ``radosgw`` daemon can process
the subdomain requests. ::
ping mybucket.{fqdn}
ping mybucket.ceph-node
Install Ceph Object Gateway Install Ceph Object Gateway
=========================== ===========================
@ -251,4 +350,8 @@ following::
To install the Ceph Object Gateway synchronization agent, execute the To install the Ceph Object Gateway synchronization agent, execute the
following:: following::
yum install radosgw-agent yum install radosgw-agent
.. _Ubuntu Server Guide: https://help.ubuntu.com/12.04/serverguide/httpd.html
.. _Setting up an SSL secured Webserver with CentOS: http://wiki.centos.org/HowTos/Https