diff --git a/doc/mgr/dashboard.rst b/doc/mgr/dashboard.rst index 48135f66f3f..b3cae3fbc21 100644 --- a/doc/mgr/dashboard.rst +++ b/doc/mgr/dashboard.rst @@ -551,7 +551,7 @@ twice if you use both sources. should not disturb each other through annoying duplicated notifications popping up. -Accessing the dashboard +Accessing the Dashboard ^^^^^^^^^^^^^^^^^^^^^^^ You can now access the dashboard using your (JavaScript-enabled) web browser, by @@ -734,11 +734,33 @@ view and create Ceph pools, and have read-only access to any other scopes. $ ceph dashboard ac-user-set-roles bob rbd/pool-manager read-only -Reverse Proxies ---------------- +Proxy Configuration +------------------- + +In a Ceph cluster with multiple ceph-mgr instances, only the dashboard running +on the currently active ceph-mgr daemon will serve incoming requests. Accessing +the dashboard's TCP port on any of the other ceph-mgr instances that are +currently on standby will perform a HTTP redirect (303) to the currently active +manager's dashboard URL. This way, you can point your browser to any of the +ceph-mgr instances in order to access the dashboard. + +If you want to establish a fixed URL to reach the dashboard or if you don't want +to allow direct connections to the manager nodes, you could set up a proxy that +automatically forwards incoming requests to the currently active ceph-mgr +instance. + +.. note:: + Note that putting the dashboard behind a load-balancing proxy like `HAProxy + `_ currently has some limitations, particularly if + you require the traffic between the proxy and the dashboard to be encrypted + via SSL/TLS. See `BUG#24662 `_ for + details. + +Configuring a URL Prefix +^^^^^^^^^^^^^^^^^^^^^^^^ If you are accessing the dashboard via a reverse proxy configuration, -you may wish to service it under a URL prefix. To get the dashboard +you may wish to service it under a URL prefix. To get the dashboard to use hyperlinks that include your prefix, you can set the ``url_prefix`` setting: @@ -748,6 +770,7 @@ to use hyperlinks that include your prefix, you can set the so you can access the dashboard at ``http://$IP:$PORT/$PREFIX/``. + .. _dashboard-auditing: Auditing API Requests