Revision history [back]

click to hide/show revision 1
initial version

I found a way using my current NGINX reverse proxy, just added a custom location to my horizon site:

 location ^~ /authapi/ {
          proxy_pass http://keystone:5000/;
        }

And now I can access keystone externally on https://openstack.domain.com/authapi/v2.0/tokens and get the endpoints via JSON however I still get them as:

adminURL: "http://internal_addr:8774/v2/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
publicURL: "http://internal_addr:8774/v2/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx"

I can create separate custom locations on NGINX for each endpoint but how do I update the endpoints so the internal services still communicate using the internal address but just external clients access the externally available endpoints? I believe internally they'll still use whatever is on "publicURL", right?

I found a way using my current NGINX reverse proxy, just added a custom location to my horizon site:

 location ^~ /authapi/ {
          proxy_pass http://keystone:5000/;
        }

And now I can access keystone externally on https://openstack.domain.com/authapi/v2.0/tokens and get the endpoints via JSON however I still get them as:

adminURL: "http://internal_addr:8774/v2/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
publicURL: "http://internal_addr:8774/v2/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx"

I can create separate custom locations on NGINX for each endpoint but how do I update the endpoints on the keystone DB so the internal services still communicate using the internal address but just external clients access the externally available endpoints? I believe internally they'll still use whatever is on "publicURL", right?

I found a way using my current NGINX reverse proxy, just added a custom location to my horizon site:

 location ^~ /authapi/ {
          proxy_pass http://keystone:5000/;
        }

And now I can access keystone externally on https://openstack.domain.com/authapi/v2.0/tokens and get the endpoints via JSON however I still get them as:

adminURL: "http://internal_addr:8774/v2/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
publicURL: "http://internal_addr:8774/v2/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx"

I can create separate custom locations on NGINX for each endpoint but how do I update the endpoints on the keystone DB so the internal services still communicate using the internal address but just external clients access the externally available endpoints? I believe internally they'll still use whatever is on "publicURL", right?

Would there be any easier way of accomplishing external access?