The ask.openstack.org website will be read-only from now on. Please ask questions on the openstack-discuss mailing-list, stackoverflow.com for coding or serverfault.com for operations.
 | 1 | initial version |
I found a way using my current NGINX reverse proxy, just added a custom location to my horizon site:
location ^~ /authapi/ {
proxy_pass http://keystone:5000/;
}
And now I can access keystone externally on https://openstack.domain.com/authapi/v2.0/tokens and get the endpoints via JSON however I still get them as:
adminURL: "http://internal_addr:8774/v2/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
publicURL: "http://internal_addr:8774/v2/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
I can create separate custom locations on NGINX for each endpoint but how do I update the endpoints so the internal services still communicate using the internal address but just external clients access the externally available endpoints? I believe internally they'll still use whatever is on "publicURL", right?
| | 2 | No.2 Revision |
I found a way using my current NGINX reverse proxy, just added a custom location to my horizon site:
location ^~ /authapi/ {
proxy_pass http://keystone:5000/;
}
And now I can access keystone externally on https://openstack.domain.com/authapi/v2.0/tokens and get the endpoints via JSON however I still get them as:
adminURL: "http://internal_addr:8774/v2/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
publicURL: "http://internal_addr:8774/v2/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
I can create separate custom locations on NGINX for each endpoint but how do I update the endpoints on the keystone DB so the internal services still communicate using the internal address but just external clients access the externally available endpoints? I believe internally they'll still use whatever is on "publicURL", right?
| | 3 | No.3 Revision |
I found a way using my current NGINX reverse proxy, just added a custom location to my horizon site:
location ^~ /authapi/ {
proxy_pass http://keystone:5000/;
}
And now I can access keystone externally on https://openstack.domain.com/authapi/v2.0/tokens and get the endpoints via JSON however I still get them as:
adminURL: "http://internal_addr:8774/v2/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
publicURL: "http://internal_addr:8774/v2/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
I can create separate custom locations on NGINX for each endpoint but how do I update the endpoints on the keystone DB so the internal services still communicate using the internal address but just external clients access the externally available endpoints? I believe internally they'll still use whatever is on "publicURL", right?
Would there be any easier way of accomplishing external access?