Changing S3 protocol settings

After creating the S3 storage, you can change the protocol settings of the S3 endpoint.


To change S3 protocol settings

Admin panel

  1. Open the Storage services > S3 > Settings screen, and then click Protocol.
  2. Select an S3 endpoint protocol: HTTP, HTTPS, or both.

    It is recommended to use only HTTPS for production deployments.

    If you selected the HTTPS protocol, do one of the following:

    • Select Upload a certificate, specify the prepared SSL certificate, and then specify the SSL key or passphrase (for PKCS#12 files).

      You need to acquire a key and a trusted wildcard SSL certificate for endpoint’s bottom-level domain. For example, the endpoint would need a wildcard certificate for * with the subject alternative name

    • Select Generate a certificate, to get a self-signed certificate for HTTPS evaluation purposes.

      • S3 geo-replication requires a certificate from a trusted authority. It does not work with self-signed certificates.
      • To access the data in the S3 cluster via a browser, add the self-signed certificate to browser’s exceptions.
  3. Click Save to apply your changes.

Command-line interface

Use the following command:

vinfra service s3 cluster change [--self-signed | --no-ssl | --cert-file <cert_file>]
                                 [--insecure] [--key-file <key_file>] [--password]
Generate a new self-signed certificate (default)
Do not generate a self-signed certificate
--cert-file <cert_file>
Path to a file with the new certificate
Allow insecure connections in addition to secure ones (only used with the --cert-file and --self-signed options)
--key-file <key_file>
Path to a file with the private key (only used with the --cert-file option)
Read certificate password from stdin (only used with the --cert-file option)

For example, to use a self-signed certificate for the S3 storage, run:

# vinfra service s3 cluster change --self-signed