Changing S3 protocol settings

After creating the S3 storage, you can change the protocol settings of the S3 endpoint.

Prerequisites

To change S3 protocol settings

Admin panel

  1. Open the Storage services > S3 > Settings screen, and then click Protocol.
  2. Select an S3 endpoint protocol: HTTP, HTTPS, or both.

    It is recommended to use only HTTPS for production deployments.

    If you selected the HTTPS protocol, do one of the following:

    • Select Upload a certificate, specify the prepared SSL certificate, and then specify the SSL key or passphrase (for PKCS#12 files).

      You need to acquire a key and a trusted wildcard SSL certificate for the endpoint’s bottom-level domain. For example, the endpoint s3storage.example.com would need a wildcard certificate for *.s3storage.example.com with the subject alternative name s3storage.example.com.

    • Select Generate a certificate to get a self-signed certificate for HTTPS evaluation purposes.

      • S3 geo-replication requires a certificate from a trusted authority. It does not work with self-signed certificates.
      • To access the data in the S3 cluster via a browser, add the self-signed certificate to the browser’s exceptions.
  3. Click Save to apply your changes.

Command-line interface

Use the following command:

vinfra service s3 cluster change [--self-signed | --no-ssl | --cert-file <cert_file>]
                                 [--insecure] [--key-file <key_file>] [--password]

--self-signed
    Generate a new self-signed certificate (default)
--no-ssl
    Do not generate a self-signed certificate
--cert-file <cert_file>
    Path to a file with the new certificate
--insecure
    Allow insecure connections in addition to secure ones (only used with the --cert-file and --self-signed options)
--key-file <key_file>
    Path to a file with the private key (only used with the --cert-file option)
--password
    Read certificate password from stdin (only used with the --cert-file option)

For example, to use a self-signed certificate for the S3 storage, run:

# vinfra service s3 cluster change --self-signed
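
Before passing a certificate to --cert-file and --key-file, you can check it against the requirements described above: both the wildcard and the bare endpoint name in the subject alternative names, a private key that belongs to the certificate, and whether it is self-signed. The following is an added example, not part of the product documentation; the function names, the sample certificate, and the file names are constructed for illustration, and it assumes OpenSSL 1.1.1 or later and an unencrypted PEM key.

```shell
#!/bin/sh
# Added example: pre-upload checks for an S3 endpoint certificate.
# Function names and the sample certificate are constructed for illustration.

# Print the certificate's subject alternative names, one per line (DNS:<name>).
cert_sans() {         # usage: cert_sans <cert_file>
    openssl x509 -in "$1" -noout -text |
        grep -A1 'Subject Alternative Name' | tail -n 1 |
        tr -d ' ' | tr ',' '\n'
}

# Return 0 only if the SANs contain both <endpoint> and *.<endpoint>.
covers_endpoint() {   # usage: covers_endpoint <cert_file> <endpoint>
    sans=$(cert_sans "$1")
    printf '%s\n' "$sans" | grep -Fxq "DNS:$2" &&
        printf '%s\n' "$sans" | grep -Fxq "DNS:*.$2"
}

# Return 0 if the private key and the certificate carry the same public key.
key_matches() {       # usage: key_matches <cert_file> <key_file>
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout -passin pass: 2>/dev/null) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# Return 0 if issuer equals subject (heuristic for a self-signed certificate).
is_self_signed() {    # usage: is_self_signed <cert_file>
    issuer=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    subject=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    [ "$issuer" = "$subject" ]
}

# Constructed sample input: a throwaway self-signed pair with the given SANs.
make_sample_cert() {  # usage: make_sample_cert <dir> <subjectAltName value>
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=s3-sample" -addext "subjectAltName=$2" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

ENDPOINT=s3storage.example.com
tmp=$(mktemp -d)
make_sample_cert "$tmp" "DNS:*.$ENDPOINT,DNS:$ENDPOINT"
covers_endpoint "$tmp/cert.pem" "$ENDPOINT" && echo "SANs cover endpoint and wildcard"
key_matches "$tmp/cert.pem" "$tmp/key.pem" && echo "key matches certificate"
is_self_signed "$tmp/cert.pem" && echo "self-signed: S3 geo-replication will not work"
rm -rf "$tmp"
# With a CA-issued pair that passes the first two checks, apply it with:
#   vinfra service s3 cluster change --cert-file <cert_file> --key-file <key_file>
```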