Get started
Configure S3 API endpoint domain names
Suggest changes
-
PDF of this doc site
-
Install and maintain appliance hardware
-
Install and upgrade software
-
Perform system administration
-
Monitor and maintain StorageGRID
-
Recover and maintain
-
Grid node recovery procedures
-
-
-
Collection of separate PDF docs
Creating your file...
To support S3 virtual hosted-style requests, you must use the Grid Manager to configure the list of endpoint domain names that S3 clients connect to.
-
You are signed in to the Grid Manager using a supported web browser.
-
You have specific access permissions.
-
You have confirmed that a grid upgrade is not in progress.
Do not make any changes to the domain name configuration when a grid upgrade is in progress.
To enable clients to use S3 endpoint domain names, you must do all of the following:
-
Use the Grid Manager to add the S3 endpoint domain names to the StorageGRID system.
-
Ensure that the certificate the client uses for HTTPS connections to StorageGRID is signed for all domain names that the client requires.
For example, if the endpoint is
s3.company.com, you must ensure that the certificate used for HTTPS connections includes thes3.company.comendpoint and the endpoint's wildcard Subject Alternative Name (SAN):*.s3.company.com. -
Configure the DNS server used by the client. Include DNS records for the IP addresses that clients use to make connections, and ensure that the records reference all required endpoint domain names, including any wildcard names.
Clients can connect to StorageGRID using the IP address of a Gateway Node, an Admin Node, or a Storage Node, or by connecting to the virtual IP address of a high availability group. You should understand how client applications connect to the grid so you include the correct IP addresses in the DNS records.
Clients that use HTTPS connections (recommended) to the grid can use either of these certificates:
-
Clients that connect to a load balancer endpoint can use a custom certificate for that endpoint. Each load balancer endpoint can be configured to recognize different endpoint domain names.
-
Clients that connect to a load balancer endpoint, directly to a Storage Node, or directly to the deprecated CLB service on a Gateway Node can customize the global S3 and Swift API certificate to include all required endpoint domain names.
-
Select CONFIGURATION > Network > Domain names.
The Endpoint Domain Names page appears.
-
Enter the list of S3 API endpoint domain names in the Endpoint fields. Use the
icon to add additional fields.If this list is empty, support for S3 virtual hosted-style requests is disabled.
-
Select Save.
-
Ensure that the server certificates that clients use match the required endpoint domain names.
-
If clients connect to a load balancer endpoint that uses its own certificate, update the certificate associated with the endpoint.
-
If clients connect to a load balancer endpoint that uses the global S3 and Swift API certificate, directly to Storage Nodes, or to the CLB service on Gateway Nodes, update the global S3 and Swift API certificate.
-
-
Add the DNS records required to ensure that endpoint domain name requests can be resolved.
Now, when clients use the endpoint bucket.s3.company.com, the DNS server resolves to the correct endpoint and the certificate authenticates the endpoint as expected.