rgw: Document that radosgw now supports SSL.

This includes information on file format and configuration file syntax.

Signed-off-by: Marcus Watts <mwatts@redhat.com>
(cherry picked from commit d4e72dfed30274b3cfbad4ac58c0746a98c0148b)

diff --git a/doc/install/install-ceph-gateway.rst b/doc/install/install-ceph-gateway.rst
index 29a25da678b563493951a00fe9f69eec921543f8..7fef26101610d6a7ab5b37c232479bf1ee1a2d05 100644 (file)
--- a/doc/install/install-ceph-gateway.rst
+++ b/doc/install/install-ceph-gateway.rst
@@ -10,9 +10,8 @@ simplifies the Ceph Object Gateway installation and configuration.
           Ceph storage cluster, and the gateway host should have access to the 
           public network.
 
-.. note:: In version 0.80, the Ceph Object Gateway does not support SSL. You
-          may setup a reverse proxy server with SSL to dispatch HTTPS requests 
-          as HTTP requests to CivetWeb.
+.. note:: As of version 10.2.6, the Ceph Object Gateway **does** support SSL.
+          See `Using SSL with Civetweb`_ for information on how to set that up.
 
 Execute the Pre-Installation Procedure
 --------------------------------------
@@ -83,10 +82,6 @@ your administration server. Add a section entitled
 ``[client.rgw.<gateway-node>]``, replacing ``<gateway-node>`` with the short
 node name of your Ceph Object Gateway node (i.e., ``hostname -s``).
 
-.. note:: In version 0.94, the Ceph Object Gateway does not support SSL. You
-          may setup a reverse proxy web server with SSL to dispatch HTTPS 
-          requests as HTTP requests to CivetWeb.
-
 For example, if your node name is ``gateway-node1``, add a section like this
 after the ``[global]`` section::
 
@@ -145,6 +140,28 @@ execute the following as the ``root`` user::
 
  iptables-save > /etc/iptables/rules.v4
 
+Using SSL with Civetweb
+-----------------------
+.. _Using SSL with Civetweb:
+
+Before using SSL with civetweb, you will need a certificate that will match
+the host name that that will be used to access the Ceph Object Gateway.
+You may wish to obtain one that has `subject alternate name` fields for
+more flexibility.  If you intend to use S3-style subdomains
+(`Add Wildcard to DNS`_), you will need a `wildcard` certificate.
+
+Civetweb requires that the server key, server certificate, and any other
+CA or intermediate certificates be supplied in one file.  Each of these
+items must be in `pem` form.  Because the combined file contains the
+secret key, it should be protected from unauthorized access.
+
+To configure ssl operation, append ``s`` to the port number.  Currently
+it is not possible to configure the radosgw to listen on both
+http and https, you must pick only one.  So::
+
+ [client.rgw.gateway-node1]
+ rgw_frontends = civetweb port=443s ssl_certificate=/etc/ceph/private/keyandcert.pem
+
 Migrating from Apache to Civetweb
 ---------------------------------
 
@@ -267,6 +284,7 @@ Where ``client.rgw.ceph-client`` is the name of the gateway user.
 
 Add Wildcard to DNS
 -------------------
+.. _Add Wildcard to DNS:
 
 To use Ceph with S3-style subdomains (e.g., bucket-name.domain-name.com), you
 need to add a wildcard to the DNS record of the DNS server you use with the