<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style type="text/css" style="display:none"><!-- p { margin-top: 0px; margin-bottom: 0px; }--></style>
</head>
<body dir="ltr" style="font-size:12pt;color:#000000;background-color:#FFFFFF;font-family:Calibri,Arial,Helvetica,sans-serif;">
<div>I just recently joined a team in charge of implementing OpenStack deployment which I'm trying to grasp the design of.</div>
<div><br>
</div>
<div>One problem I encountered is that the openstack environment is on a pretty closed network and I need to use ssh </div>
<div>tunnelling to be able to access horizon, so I started to look into fronting the service with a reverse proxy </div>
<div>(making it available throug, horizon.example.com/horizon), then I noticed the horizon UI needs to contact the </div>
<div>Identity service, which I also fronted with a reverse proxy (identity.example.com:5000/v2.0) and configured</div>
<div>OPENSTACK_HOST = identity.example.com in /etc/openstack-dashboard/local_settings.py</div>
<div><br>
</div>
<div>The reverse proxy proxies requests to http://control1:5000 so when the response is sent back from the api it includes </div>
<div><link href="http://http://control1:5000/v2.0/" rel="self"/> which the client has no network access to and a possible solution</div>
<div>would be to edit the url in /etc/keystone/keystone.conf then it dawned on me that we might have to re-think this design.</div>
<div><br>
</div>
<div>Possibly we are taking the wrong approach so I wanted to reach out to get some opinions on this matter since I'm new </div>
<div>to the architecture of OpenStack and haven't yet totally grasped how things are supposed to work together.<br>
</div>
<div><br>
</div>
<div>Regards, Davíd Johannsson<br>
</div>
<p><br>
</p>
</body>
</html>