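(1) For setting up the Ceph cluster and RGW, see my other blog post.
The link is:
https://www.cnblogs.com/mituxiaogaoyang/p/14489922.html
(2) Generate the CA certificate on the RGW deployment node
Note: there are many ways to create a CA certificate; study them yourself if you need to. Only one fairly simple method is given here, and it produces a self-signed certificate. Run the steps below strictly in order.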
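#run these in /etc/ceph/cert, the directory used by the scp and ceph.conf steps below
#private key with a passphrase (2048 bits; 1024-bit RSA is below current minimum recommendations)
openssl genrsa -des3 -out server.key 2048
openssl req -new -key server.key -out server.csr
#remove the passphrase so RGW can load the key unattended
openssl rsa -in server.key -out server.key
#self-sign for 3650 days, then append the key so server.pem holds both certificate and key
openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.pem
cat server.key >> server.pem
#copy the generated certificate to the certificate directory on the other nodes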
scp /etc/ceph/cert/* node02:/etc/ceph/cert/
scp /etc/ceph/cert/* node03:/etc/ceph/cert/
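(3) Enable https on the RGW deployment node
Edit the configuration file (a single gateway is used as the example)
vi /etc/ceph/ceph.conf
Change the contents as follows:
#7480 is the gateway's original http port, 8080 is the https port, /etc/ceph/cert/server.pem is the certificate path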
[client.rgw.node01]
rgw frontends = civetweb port=0.0.0.0:7480+0.0.0.0:8080s ssl_certificate=/etc/ceph/cert/server.pem
[client.rgw.node02]
rgw frontends = civetweb port=0.0.0.0:7480+0.0.0.0:8080s ssl_certificate=/etc/ceph/cert/server.pem
[client.rgw.node03]
rgw frontends = civetweb port=0.0.0.0:7480+0.0.0.0:8080s ssl_certificate=/etc/ceph/cert/server.pem
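The following Python check is an added example, not part of the original post. It audits the rgw frontends lines from step (3) before the gateway is restarted, reporting TLS listeners that lack ssl_certificate and plaintext listeners that remain open. The function names and the sample configuration text are constructed for illustration.

```python
import configparser

# Constructed sample: node01 matches step (3); node02 and node03 are broken variants.
SAMPLE_CONF = """\
[client.rgw.node01]
rgw frontends = civetweb port=0.0.0.0:7480+0.0.0.0:8080s ssl_certificate=/etc/ceph/cert/server.pem
[client.rgw.node02]
rgw frontends = civetweb port=0.0.0.0:8080s
[client.rgw.node03]
rgw_frontends = civetweb port=7480
"""

def parse_frontends(value):
    """Split an 'rgw frontends' value into (frontend name, {option: value})."""
    tokens = value.split()
    return (tokens[0] if tokens else None), dict(t.partition("=")[::2] for t in tokens[1:])

def classify_ports(port_spec):
    """civetweb joins listeners with '+'; a trailing 's' marks a TLS listener."""
    tls, plain = [], []
    for listener in filter(None, port_spec.split("+")):
        (tls if listener.endswith("s") else plain).append(listener.rstrip("s"))
    return tls, plain

def audit(conf_text):
    """Return {section: [findings]} for every client.rgw.* section (hypothetical helper)."""
    cp = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    # ceph.conf accepts both 'rgw frontends' and 'rgw_frontends'; normalise them.
    cp.optionxform = lambda key: key.strip().lower().replace(" ", "_")
    cp.read_string(conf_text)
    report = {}
    for section in (s for s in cp.sections() if s.startswith("client.rgw.")):
        _, opts = parse_frontends(cp.get(section, "rgw_frontends", fallback=""))
        tls, plain = classify_ports(opts.get("port", ""))
        findings = []
        if not tls:
            findings.append("no TLS listener configured")
        elif not opts.get("ssl_certificate"):
            findings.append("TLS listener %s has no ssl_certificate" % ",".join(tls))
        # Plaintext listeners are listed so the operator can decide whether to keep them.
        findings += ["plaintext listener still open: " + p for p in plain]
        report[section] = findings
    return report

if __name__ == "__main__":
    for section, findings in audit(SAMPLE_CONF).items():
        print(section, findings or ["ok"])
```

To check a real node, pass the contents of /etc/ceph/ceph.conf to audit() instead of SAMPLE_CONF.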
(4) Restart the RGW gateway
systemctl restart ceph-radosgw@rgw.node01
systemctl status ceph-radosgw@rgw.node01
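(5) Test whether the https port was opened successfully; getting a response back means it worked
#192.168.5.112 is the local machine's IP address; -k skips certificate verification, which is needed here because the certificate is self-signed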
curl https://192.168.5.112:8080 -k