Tag Archives: ProxyPass

Setting up Virtual Servers in Openstack environment

Background on Setting up Virtual Servers in Openstack environment: Once I got my Openstack environment setup, and I was able to create a couple of instances, I had to figure out the easiest way of managing IP Addresses and sub-domain names for web access to each of my instances.

I needed web access to my openstack host. I needed web access to each of my instances, which are running virtually on the same host. Further, since I am running all of this on one server in my home network, I need to somehow map all of this to one external IP address.

This is nothing too new to me. I have lots of vintages of Linux servers in my basement, and I sort of know the ropes around setting up NAT-ing, Virtual Servers, and proxies. My question was: what’s the best practice? What would be the easiest?

I couldn’t find anything directly on this (let me know if you have a reference). So here’s what I decided to do.

Enable Openstack Dashboard Network Access

By default, the Openstack Horizon Django configuration strictly controls who can get access. It’s roughly localhost only. For testing purposes, I went into the settings file and removed all restrictions:

$ cd /etc/openstack-dashboard
$ vi local_settings
...
#ALLOWED_HOSTS = ['horizon.example.com', ]
ALLOWED_HOSTS = ['*']
ZZ
$ systemctl restart httpd.service

I tried making a restrictive list, but it kept getting in my way. When done setting up, I will lock this up.

I then verified from a different PC in the same subnet that http://192.168.100.154/dashboard works.

Map Openstack Host to External IP Address

Using my home router, I configured an address mapping between port 80 and my Openstack host. Here’s the screen shot:

NetgearRouterPortForwarding012215

Port Forwarding Table from my home router

Now verify that http://my.external.IP.address/dashboard works.

Setup an Openstack Subdomain Name

One of my domain names, jackkozik.net points to my home router’s IP address. I setup an Openstack subdomain name, using my zoneedit account — I used os.jackkozik.net. Sorry no screen shot. I am (perhaps too liberally) showing my domain name, but I am reluctant to show my IP addresses. Zoneedit is pretty quick, but distributing a new subdomain address takes anywhere from 0 to 60 minutes.

I then edit Openstack’s virtual server configuration adding os.jackkozik.net as a ServerAlias, as follows:

$ cd /etc/httpd/conf.d
$ vi 15-horizon_vhost.conf
...
<VirtualHost *:80>
ServerName kozik4.lan
ServerAlias os.jackkozik.net # Add this line
...
ZZ
$ systemctl restart httpd.service

Then assuming the subdomain has had a chance to get distributed, verify http://os.jackkozik.net/dashboard.

Openstack’s install scripts automatically setup this VirtualHost.

Create Subdomains for Each of My Instances

Within Openstack, I create instances that are automatically assigned IP addresses from a pool in the range of 192.168.100.100-119. Of course these instances are accessible from my home network (eg http://192.168.100.100 displays a nice Apache default screen). But I only have one external IP address and I need a mechanism to for external web access.

Absent any better approach (I hope to find one!), I am using Apache’s ProxyPass capability. I have used this for physical servers, why not use it for virtual machines?!

For starters, I created another subdomain in zoneedit. I decided to name each external instance with a letter followed by the least significant digits from the IP address. My first subdomain is named f100: That is, it is a Fedora instance and it’s running an instance mapped to 192.168.100.100. In zoneedit, I enter the subdomain f100.jackkozik.net, and I put the same external IP address that I used for os.jackkozik.net.

Within the Apache configuration files, I created a virtual server named f100.jackkozik.net, and used ProxyPass to map it to (redirect it to?) the web server running on 192.168.100.100. See the following config file:

$ cd /etc/httpd/conf.d
$ vi openstackInstances_vhost.conf
# This file configures all the proxy modules:
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
<VirtualHost *:80>
ServerName f100.jackkozik.net
ProxyPreserveHost On
ProxyPass / http://192.168.100.100/
ProxyPassReverse / http://192.168.100.100/
</VirtualHost>
ZZ
$ systemctl restart httpd.service

I created this file and put it in the conf.d directory. It automatically gets read whenever the apache web server starts.

From here, allowing enough time for zoneedit to work, I verified that http://f100.jackkozik.net worked from both my home network and from an outside network (I sometime use my desktop PC at work test this; more commonly I use the Chrome browser on my Android phone).

I edit this file for each new instance I setup.

So each of my instances think they are sitting on the internet, but really the Openstack host Apache server and my home network router’s NAT function are fooling it.

Fix ALLOWED_HOSTS

Finally, once I got everything working, I fixed ALLOWED_HOSTS to permit any traffic from my home subnet and only allow requests from URL os.jackkozik.net from the Internet. See following:

$ cd /etc/openstack-dashboard
$ vi local_settings
...
ALLOWED_HOSTS = ['localhost', 'os.jackkozik.net', 'kozik4.lan', ]
#ALLOWED_HOSTS = ['*']
ZZ
$ systemctl restart httpd.service