Add guide for enabling RGW with TLS certificate #671
anantone wants to merge 2 commits into canonical:main from
This guide details the steps to enable RGW with a TLS certificate for a MicroCeph single node installation, including prerequisites, certificate acquisition using Certbot, and configuration verification.
I closed this one by mistake, thanks @sabaini for pointing it out.
Empty commit to rerun checks
I've now signed the CLA.
| ============= | ||
|
|
||
| - `a MicroCeph single node installation <https://canonical-microceph.readthedocs-hosted.com/latest/tutorial/get-started/>`_. This will have RGW enabled. | ||
| - `a valid TLS certificate`_. We will use Certbot to obtain a TLS certificate from Let's Encrypt. You can also use a self-signed certificate, or request one from an external/commercial CA. |
Hm, we're listing this under Prerequisites but at the same time say we're going to create one, which seems contradictory. Personally I'd lean towards asking for a cert as a prereq. and only providing pointers on how to obtain one (LetsEncrypt or other means).
|
|
||
| MKc2mNJmrOuZ5-6zcxnD3NUCb_0w_mRG8bOPIA8K66w | ||
|
|
||
| Your certificate should be automatically issued and downloaded. |
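Review bot: the value `MKc2mNJmrOuZ5-6zcxnD3NUCb_0w_mRG8bOPIA8K66w` a few lines above this sentence looks like output copied verbatim from a real Certbot run. Replace it with an obvious placeholder such as `<challenge-value>` and state that the value differs on every run, so readers do not paste this literal string into their own validation step.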
This assumes that users have control over the DNS of the domain they want to host it on. I'm a bit worried that creating TLS certs will get out of scope for this tutorial. I'd lean towards asking for certs as a prerequisite, provide pointers to instructions on how to get one (certbot if they can, self-signed or bought otherwise).
|
|
||
| sudo microceph enable rgw \ | ||
| --ssl-certificate "$(base64 -w0 ./domain.crt)" \ | ||
| --ssl-private-key "$(base64 -w0 ./domain.key)" |
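Review bot: the `--ssl-private-key "$(base64 -w0 ./domain.key)"` line makes the shell expand the private key into the argument list of `sudo microceph enable rgw`. While the command runs, the base64-encoded key is readable by other local users through the process list, and sudo records the full command line in its log. The guide should call this out next to the command so that readers on multi-user hosts know the key is exposed there.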
Nit: typically certbot will create a 0600 root-owned key, which means the base64 which is running with non-sudo privs here won't be able to read it.
| sudo microceph enable rgw \ | ||
| --ssl-port 7443 \ | ||
| --ssl-certificate "$(base64 -w0 ./domain.crt)" \ | ||
| --ssl-private-key "$(base64 -w0 ./domain.key)" |
Fixes #596