[Openstack] Reverse proxy component
Uwe Sauter
uwe.sauter.de at gmail.com
Wed Oct 19 07:02:23 UTC 2016
Hi Jose,
Slightly off topic, but this is the configuration I have in production where Nginx is used as remote.
Replace everything within <>. "YOUR OPENSTACK IP/HOSTNAME" means the IP that your OpenStack installation thinks is external, while
"YOUR DOMAIN(s)" means what the revproxy should listen to.
You also have to create at least the file /usr/share/nginx/html/OPENSTACK/index.html which acts as the landing page if someone
only enters your domain as URL.
Regards,
Uwe
------- Begin /etc/nginx/openstack --------
ssl_certificate /etc/nginx/certs/<YOUR SERVER CERTIFICATE>;
ssl_certificate_key /etc/nginx/certs/<YOUR SERVER PRIVATE KEY>;
ssl_dhparam /etc/nginx/certs/<DH KEY EXCHANGE PARAMETER FILE>;
ssl_protocols TLSv1.2 TLSv1.1;
ssl_ciphers AES256+EECDH:AES128+EECDH:!aNULL:!eNULL:!ECDSA:!SHA:!DSS;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;

# HTTP #
# http is only used to present an index where your customers are redirected to the dashboard
server {
    server_name <YOUR DOMAIN(s)>;
    listen *:80;
    root /usr/share/nginx/html/OPENSTACK;

    location / {
        index index.html;
    }
    location ~ ^/dashboard {
        return 302 https://$host$request_uri;
    }
    location ~ ^/console {
        return 302 https://$host:6080$request_uri;
    }
    location ~ ^/websockify {
        return 302 https://$host:6080$request_uri;
    }
}

# HTTPS server #
server {
    server_name <YOUR DOMAIN(s)>;
    listen *:443;
    ssl on;
    root /usr/share/nginx/html/OPENSTACK;

    location / {
        index index.html;
    }

    ######## OpenStack ##########
    location ~ ^/dashboard {
        # Rewrite absolute http:// links in upstream responses to https://
        sub_filter 'http://<YOUR OPENSTACK IP/HOSTNAME>' 'https://$host';
        sub_filter 'http://$host' 'https://$host';
        sub_filter_last_modified on;
        sub_filter_once off;
        sub_filter_types *;
        proxy_pass http://<YOUR OPENSTACK IP/HOSTNAME>;
        proxy_request_buffering off;
        proxy_set_header Host $host;
        proxy_set_header Origin http://$host;
        # Request uncompressed responses so that sub_filter can rewrite them
        proxy_set_header Accept-Encoding "";
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_connect_timeout 90;
        proxy_send_timeout 90;
        proxy_read_timeout 90;
    }
    ##### End OpenStack ##########
}

# Assumed: the archived message lacks the opening of this block. The server_name,
# port 6080 (from the /console and /websockify redirects above) and "ssl on"
# are reconstructed from the rest of the file.
server {
    server_name <YOUR DOMAIN(s)>;
    listen *:6080;
    ssl on;

    ######## OpenStack ##########
    location / {
        proxy_pass http://<YOUR OPENSTACK IP/HOSTNAME>:6080;
        proxy_request_buffering off;
        # WebSocket upgrade for the console
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header Origin http://$host;
        proxy_set_header X-Real-IP $remote_addr; # The IP address of the client.
        proxy_set_header X-Forwarded-Host $host; # The original host requested by the client in the Host HTTP request header.
        proxy_set_header X-Forwarded-Server $host; # The hostname of the proxy server.
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # The IP address of the client and all proxies in between.
    }
    ####### End OpenStack #########
}
------- End /etc/nginx/openstack ----------
Am 19.10.2016 um 07:49 schrieb Jose Manuel Ferrer Mosteiro:
> Hi
>
> I wonder if there is some kind of reverse proxy module for OpenStack.
>
> In some cases the OpenStack deployment is in an internal network without external visibility. When I want to expose a server to
> the outside I use an nginx or an Apache with this configuration:
>
> +++
>
> ProxyPass / http://webpage/
> ProxyPassReverse / http://webpage/
>
> +++
>
> It is more or less the same functionality that we would get with an F5, ceryx or the OpenShift router.
>
> Is there any "reverse proxy" component for OpenStack?
>
> I cannot find it.
>
> Thank you,
>
> Jose Manuel
>
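A pre-deployment check for a config like the one in this message, as an added example that is not part of the original post: it flags unreplaced <...> placeholders, a location outside any server block, stray text such as the tail of a wrapped comment, and protocol versions deprecated by RFC 7568 and RFC 8996. The function name lint, the sample config and the address 192.0.2.10 are constructed for illustration; the check assumes one directive per line and no '#' inside quoted values.

```python
import re

PLACEHOLDER = re.compile(r"<[A-Z][A-Za-z /()]*>")     # e.g. <YOUR DOMAIN(s)>
WEAK_PROTOCOLS = {"SSLv3", "TLSv1", "TLSv1.1"}        # RFC 7568, RFC 8996

def lint(text):
    """Return (line_no, kind, detail) findings; assumes one directive per line."""
    findings, stack = [], []                 # stack: names of open blocks
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments (no '#' in quotes assumed)
        if not line:
            continue
        for m in PLACEHOLDER.finditer(line):
            findings.append((no, "placeholder", m.group()))
        if line == "}":
            if stack:
                stack.pop()
            else:
                findings.append((no, "structure", "unmatched '}'"))
            continue
        name, *args = line.rstrip(";{").split() or [""]
        if line[-1] not in ";{":             # e.g. the tail of a wrapped comment
            findings.append((no, "syntax", line))
        if name == "location" and (not stack or stack[-1] not in ("server", "location")):
            findings.append((no, "structure", "location outside server"))
        if name == "ssl_protocols":
            findings += [(no, "tls", p) for p in args if p in WEAK_PROTOCOLS]
        if line.endswith("{"):
            stack.append(name)
    return findings + [(0, "structure", "unclosed " + b) for b in stack]

# Constructed sample, not the config from the message (192.0.2.10 is TEST-NET-1)
SAMPLE = """\
ssl_protocols TLSv1.2 TLSv1.1;
server {
    server_name <YOUR DOMAIN(s)>;
    location ~ ^/dashboard {
        proxy_set_header X-Forwarded-Host $host; # The original host requested
header.
    }
}
location / {
    proxy_pass http://192.0.2.10:6080;
}
}
"""

if __name__ == "__main__":
    print(*lint(SAMPLE), sep="\n")
```

nginx -t accepts a leftover <YOUR DOMAIN(s)> in server_name as two literal names, so the placeholder check catches something the built-in syntax test does not.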