Member-only story

Ceph Object Storage with https

https setup

3 min readJul 18, 2023

In a previous article, we covered how to deploy Rados Gateway (RGW) service, create system/normal users, and access the service using user information in a python test program.

In this article, we will explain how to enable https for RGW services. The steps are

Obtain a private key and a certificate
Apply https configuration to RGW services

In real situations, a private key and a certificate may be given. How to obtain them is not a main focus of this article. However, for the completeness and testing purpose, we will show how to generate them at the end of this article.

Application of https configuration is pretty simple though.

Applying https configuration to RGW services

First we need to create a configuration yaml file. The format of this yaml is shown below.

service_type: rgw
service_id: [servie id]
spec:
  rgw_frontend_ssl_certificate: |
    -----BEGIN PRIVATE KEY-----
    ...
    -----END PRIVATE KEY-----
    -----BEGIN CERTIFICATE-----
    ...
    -----END CERTIFICATE-----
  ssl: true

Given a private key and a certificate, we can place them in the yaml. For service id, we can run this Ceph command to list RGW services.

sudo ceph orch ls --service_type rgw

Ceph Object Storage with https

https setup

Applying https configuration to RGW services

Written by DaeGon Kim

No responses yet