"Partitioning" in RGW


 



Dear all,

Is it possible to achieve the following with rgw and the S3 protocol?

I have a central Ceph cluster with rgw/S3 in my organisation and I have an
internal network zone and a DMZ. Access from the internal network to Ceph
is of course allowed.

I want to expose certain parts of the Ceph in the DMZ. The easiest solution
would be to simply put a reverse proxy in the DMZ and allow the reverse
proxy to access my rgws via HTTP(S) in the firewall.

However, this provides access to ALL of my S3 data also from the DMZ.

Is there a built-in feature in Ceph/rgw that would allow me to limit access
to certain buckets only when they come from the DMZ?

Of course, I could use the multi-tenancy feature OR even use user prefixes
to limit access to a "public" tenant or users with prefix "public-". This
would be fairly simple to configure with nginx, for example, to forward
"everything '/public:*'" to "https://s3.example.com/public:*".

Best wishes,
Manuel
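
As an added illustration (not part of the message above, and not Ceph or nginx code), this Python sketch models the allow decision that the "/public:*" forwarding rule described in the message would have to make before a request leaves the DMZ. The hostname dmz-s3.example.com, the function name and the bucket-name pattern are assumptions.

```python
import re
from urllib.parse import unquote

PROXY_HOST = "dmz-s3.example.com"   # hypothetical DMZ proxy hostname
# Assumption: path-style "tenant:bucket" addressing with tenant "public",
# as in the message; the bucket-name character set is an assumption too.
BUCKET_RE = re.compile(r"public:[A-Za-z0-9][A-Za-z0-9._-]*")


def dmz_request_allowed(host: str, raw_target: str) -> bool:
    """Decide whether a DMZ request may be forwarded to the gateway."""
    # Virtual-host-style S3 requests name the bucket in Host, where a path
    # rule never sees it, so accept exactly one hostname.
    if host.lower().rsplit(":", 1)[0] != PROXY_HOST:
        return False
    path = raw_target.split("?", 1)[0]
    if not path.startswith("/"):
        return False
    bucket, _, key = path[1:].partition("/")
    # Match the raw bucket segment: an encoded form such as "public%3A"
    # fails here instead of depending on which hop decodes it later.
    if not BUCKET_RE.fullmatch(bucket):
        return False
    # Dot segments in the decoded key could resolve to another bucket
    # if any hop normalises the path, so refuse them outright.
    return not any(seg in (".", "..") for seg in unquote(key).split("/"))


if __name__ == "__main__":
    # Constructed sample requests, not taken from any real log.
    for target in ("/public:docs/report.pdf", "/internal:hr/salaries.csv"):
        print(target, dmz_request_allowed(PROXY_HOST, target))
```
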


