Re: [Openstack] Reverse proxy component
You are right. This is the schema: +--+ | | |OPENSTACK | +--+ +---+ | | | | | | | +-+ | | internet +->+ reverse_proxy +>| floating_ip | | | | | | | +---+-+ | +--+ +---+ | | | | | | | v | | +---+ | | |lb_vip | | | ++--+ | | | | | | | | v | | ++ | | |servers | | | ||-+ | | ++ | | ||| | |++ | +--+ A lot of enterprises use only a ip address to expose al the websites so they use a reverse proxy as "router" using "virtualhosts". lbaas works inside openstack very well. I want more or less the same outside openstack. With Designate and Heat I can create a register with the floating ip of the balanced service vip: webpage_record: type: OS::Designate::Record properties: name: webpage.example.com. type: A domain: example.com. data: { get_attr: [webpage_lb_vip_floating_ip, floating_ip_address] } I want to add a route in the reverse_proxy so I want something like: webpage_reverse_proxy: type: OS::ReverseProxy::VirtualHost properties: external_name: webpage.example.com. internal_name: webpage.example.com. external_protocol: HTTPS internal_protocol: HTTP Is there any way to do this? Thank you, Jose Manuel El 2016-10-19 10:50, Federico M. Facca escribió: Let me add a bit, By default lbaas manage ha proxy instances in your openstack, but it's just a matter of creating a proper driver if not existing, to manage a physical lb or an external service providing that. But an external service to your network will need anyhow a public ip on your VMs. So it will be hard to not have external visibility and use, for example amazon lb. Federico Fede's mobile edition DR. FEDERICO MICHELE FACCA _Head of Martel Lab_ MARTEL INNOVATE Dorfstrasse 73 - 3073 Gümligen [1] (Switzerland) 0041 78 807 58 38 [2] 0041 31 994 25 25 [3] martel-innovate.com [4] Il giorno 19 ott 2016, alle ore 10:40, Jose Manuel Ferrer Mosteiroha scritto: Hi, Yes, I can, but I want something with an api, integrated with keystone, ... an openstack component. Designate manages external DNS servers. I mean the same for managing external reverse proxy servers. Jose Manuel El 2016-10-19 08:21, Federico M. Facca escribió: Hi, You can use a load balancer for that, no? Federico Fede's mobile edition DR. FEDERICO MICHELE FACCA _Head of Martel Lab_ MARTEL INNOVATE Dorfstrasse 73 - 3073 Gümligen [1] (Switzerland) 0041 78 807 58 38 [2] 0041 31 994 25 25 [3] martel-innovate.com [4] Il giorno 19 ott 2016, alle ore 07:49, Jose Manuel Ferrer Mosteiro ha scritto: Hi I wonder if there is some kind of reverse proxy module for OpenStack. In some cases the OpenStack deployment is in an internal network without external visibility. When I want to expose a server to outside I use a nginx or an apache with this configuration: +++ ProxyPass / http://webpage/ [5] ProxyPassReverse / http://webpage/ [5] +++ It is more or less the same functionality that we would make with a F5, ceryx or the OpenShift router. Is there any "reverse proxy" component for OpenStack? I cannot find it. Thank you, Jose Manuel ___ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack [6] Post to :
Re: [Openstack] Reverse proxy component
Let me add a bit, By default lbaas manage ha proxy instances in your openstack, but it's just a matter of creating a proper driver if not existing, to manage a physical lb or an external service providing that. But an external service to your network will need anyhow a public ip on your VMs. So it will be hard to not have external visibility and use, for example amazon lb. Federico Fede's mobile edition Dr. Federico Michele Facca Head of Martel Lab Martel Innovate Dorfstrasse 73 - 3073 Gümligen (Switzerland) 0041 78 807 58 38 0041 31 994 25 25 martel-innovate.com > Il giorno 19 ott 2016, alle ore 10:40, Jose Manuel Ferrer Mosteiro >ha scritto: > > Hi, > > Yes, I can, but I want something with an api, integrated with keystone, ... > an openstack component. > > Designate manages external DNS servers. I mean the same for managing external > reverse proxy servers. > > Jose Manuel > > > > > El 2016-10-19 08:21, Federico M. Facca escribió: > >> Hi, >> You can use a load balancer for that, no? >> >> Federico >> >> Fede's mobile edition >> Dr. Federico Michele Facca >> Head of Martel Lab >> >> Martel Innovate >> Dorfstrasse 73 - 3073 Gümligen (Switzerland) >> 0041 78 807 58 38 >> 0041 31 994 25 25 >> martel-innovate.com >> >> >>> Il giorno 19 ott 2016, alle ore 07:49, Jose Manuel Ferrer Mosteiro >>> ha scritto: >>> >>> Hi >>> >>> >>> >>> >>> I wonder if there is some kind of reverse proxy module for OpenStack. >>> >>> In some cases the OpenStack deployment is in an internal network without >>> external visibility. When I want to expose a server to outside I use a >>> nginx or an apache with this configuration: >>> >>> +++ >>> >>> ProxyPass / http://webpage/ >>> ProxyPassReverse / http://webpage/ >>> >>> +++ >>> >>> >>> It is more or less the same functionality that we would make with a F5, >>> ceryx or the OpenShift router. >>> >>> Is there any "reverse proxy" component for OpenStack? >>> >>> I cannot find it. >>> >>> >>> >>> Thank you, >>> >>> Jose Manuel >>> >>> ___ >>> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack >>> Post to : openstack@lists.openstack.org >>> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack ___ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Re: [Openstack] Reverse proxy component
Exactly, lbaas is part of neutron. Cheers, Federico Fede's mobile edition Dr. Federico Michele Facca Head of Martel Lab Martel Innovate Dorfstrasse 73 - 3073 Gümligen (Switzerland) 0041 78 807 58 38 0041 31 994 25 25 martel-innovate.com > Il giorno 19 ott 2016, alle ore 10:40, Jose Manuel Ferrer Mosteiro >ha scritto: > > Hi, > > Yes, I can, but I want something with an api, integrated with keystone, ... > an openstack component. > > Designate manages external DNS servers. I mean the same for managing external > reverse proxy servers. > > Jose Manuel > > > > > El 2016-10-19 08:21, Federico M. Facca escribió: > >> Hi, >> You can use a load balancer for that, no? >> >> Federico >> >> Fede's mobile edition >> Dr. Federico Michele Facca >> Head of Martel Lab >> >> Martel Innovate >> Dorfstrasse 73 - 3073 Gümligen (Switzerland) >> 0041 78 807 58 38 >> 0041 31 994 25 25 >> martel-innovate.com >> >> >>> Il giorno 19 ott 2016, alle ore 07:49, Jose Manuel Ferrer Mosteiro >>> ha scritto: >>> >>> Hi >>> >>> >>> >>> >>> I wonder if there is some kind of reverse proxy module for OpenStack. >>> >>> In some cases the OpenStack deployment is in an internal network without >>> external visibility. When I want to expose a server to outside I use a >>> nginx or an apache with this configuration: >>> >>> +++ >>> >>> ProxyPass / http://webpage/ >>> ProxyPassReverse / http://webpage/ >>> >>> +++ >>> >>> >>> It is more or less the same functionality that we would make with a F5, >>> ceryx or the OpenShift router. >>> >>> Is there any "reverse proxy" component for OpenStack? >>> >>> I cannot find it. >>> >>> >>> >>> Thank you, >>> >>> Jose Manuel >>> >>> ___ >>> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack >>> Post to : openstack@lists.openstack.org >>> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack ___ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Re: [Openstack] Reverse proxy component
Hi, Yes, I can, but I want something with an api, integrated with keystone, ... an openstack component. Designate manages external DNS servers. I mean the same for managing external reverse proxy servers. Jose Manuel El 2016-10-19 08:21, Federico M. Facca escribió: > Hi, > You can use a load balancer for that, no? > > Federico > > Fede's mobile edition > > DR. FEDERICO MICHELE FACCA > _Head of Martel Lab_ > > MARTEL INNOVATE > Dorfstrasse 73 - 3073 Gümligen [3] (Switzerland) > 0041 78 807 58 38 [4] > 0041 31 994 25 25 [5] > martel-innovate.com [6] > > Il giorno 19 ott 2016, alle ore 07:49, Jose Manuel Ferrer Mosteiro >ha scritto: > >> Hi >> >> I wonder if there is some kind of reverse proxy module for OpenStack. >> >> In some cases the OpenStack deployment is in an internal network without >> external visibility. When I want to expose a server to outside I use a nginx >> or an apache with this configuration: >> >> +++ >> >> ProxyPass / http://webpage/ [1] >> ProxyPassReverse / http://webpage/ [1] >> >> +++ >> >> It is more or less the same functionality that we would make with a F5, >> ceryx or the OpenShift router. >> >> Is there any "reverse proxy" component for OpenStack? >> >> I cannot find it. >> >> Thank you, >> >> Jose Manuel > >> ___ >> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack >> [2] >> Post to : openstack@lists.openstack.org >> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack >> [2] Links: -- [1] http://webpage/ [2] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack [3] x-apple-data-detectors://1/0 [4] tel:0041%2078%20807%2058%2038 [5] tel:0041%2031%20994%2025%2025 [6] http://martel-innovate.com/ ___ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Re: [Openstack] Reverse proxy component
Hi Jose, slightly off topic but this is the configuration I have in production where Nginx is used as remote. Replace everything within <>. "YOUR OPENSTACK IP/HOSTNAME" means the IP that your Openstack installation thinks is external, while "YOUR DOMAIN(s)" means what the revproxy should listen to. You also have to create at least the file /usr/share/nginx/html/OPENSTACK/index.html which acts as the landing page if someone only enters your domain as URL. Regards, Uwe --- Begin /etc/nginx/openstack ssl_certificate/etc/nginx/certs/; ssl_certificate_key/etc/nginx/certs/; ssl_dhparam/etc/nginx/certs/; ssl_protocols TLSv1.2 TLSv1.1; ssl_ciphers AES256+EECDH:AES128+EECDH:!aNULL:!eNULL:!ECDSA:!SHA:!DSS; ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; ssl_session_timeout10m; # HTTP # http is only used to present an index where your customers are redirected to the dashboard server { server_name ; listen *:80; root/usr/share/nginx/html/OPENSTACK; location / { index index.html; } location ~ ^/dashboard { return302 https://$host$request_uri; } location ~ ^/console { return302 https://$host:6080$request_uri; } location ~ ^/websockify { return302 https://$host:6080$request_uri; } } # HTTPS server # server { server_name; listen *:443; sslon; root/usr/share/nginx/html/OPENSTACK; location / { index index.html; } OpenStack ## location ~ ^/dashboard { sub_filter 'http://' 'https://$host'; sub_filter 'http://$host''https://$host'; sub_filter_last_modified on; sub_filter_once off; sub_filter_types *; proxy_pass http://; proxy_request_buffering off; proxy_set_header Host $host; proxy_set_header Origin http://$host; proxy_set_header Accept-Encoding ""; proxy_set_header X-Real-IP$remote_addr; proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Server $host; proxy_set_header X-Forwarded-Proto$scheme; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_connect_timeout90; proxy_send_timeout 90; proxy_read_timeout 90; } # End OpenStack ## } OpenStack ## location / { proxy_pass http://:6080; proxy_request_buffering off; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header Host $host; proxy_set_header Origin http://$host; proxy_set_header X-Real-IP$remote_addr; # The IP address of the client. proxy_set_header X-Forwarded-Host $host; # The original host requested by the client in the Host HTTP request header. proxy_set_header X-Forwarded-Server $host; # The hostname of the proxy server. proxy_set_header X-Forwarded-Proto$scheme; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # The IP address of the client and all proxies in between.. } ### End OpenStack # } --- End /etc/nginx/openstack -- Am 19.10.2016 um 07:49 schrieb Jose Manuel Ferrer Mosteiro: > Hi > > > > > > I wonder if there is some kind of reverse proxy module for OpenStack. > > In some cases the OpenStack deployment is in an internal network without > external visibility. When I want to expose a server to > outside I use a nginx or an apache with this configuration: > > +++ > > ProxyPass / http://webpage/ > ProxyPassReverse / http://webpage/ > > +++ > > > > It is more or less the same functionality that we would make with a F5, ceryx > or the OpenShift router. > > Is there any "reverse proxy" component for OpenStack? > > I cannot find it. > > > > Thank you, > > Jose Manuel > > > > ___ > Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > Post to : openstack@lists.openstack.org > Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > ___ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe :