Practical Example

This document provides a practical example of configuring security groups and setting up a web server (Apache or Nginx) on a Virtual Machine (VM) in OpenStack. The example includes steps using both the Horizon Dashboard and the OpenStack CLI.

Configure Security Groups

Horizon DashboardOpenStack CLI

1. Create a security group:

   • Navigate to Project > Network > Security Groups.
   • Click Create Security Group.
   • Provide a name (e.g., web-server-sg) and optional description.
   • Click Create Security Group.

2. Add ingress rules:

   • Select the web-server-sg security group.
   • Click Manage Rules.
   • Click Add Rule.

   • Add rule for SSH (in order to connect to your instance):

     • Rule: SSH
     • Remote: CIDR
     • CIDR: 0.0.0.0/0
     • Click Add.

   • Add rule for HTTP:

     • Rule: HTTP
     • Remote: CIDR
     • CIDR: 0.0.0.0/0
     • Click Add.

   • Add rule for HTTPS:

     • Rule: HTTPS
     • Remote: CIDR
     • CIDR: 0.0.0.0/0
     • Click Add.

1. Create a security sroup:

   openstack security group create web-server-sg --description "Security group for a web server"`
   

2. Add ingress rules

   openstack security group rule create --proto tcp --dst-port 22 web-server-sg
   openstack security group rule create --proto tcp --dst-port 80 web-server-sg
   openstack security group rule create --proto tcp --dst-port 443 web-server-sg
   

Launch and Configure the VM

Horizon DashboardOpenStack CLI

1. Launch a new instance:

   • Navigate to Project > Compute > Instances.
   • Click Launch Instance.
   • Fill in the instance details:
     • Instance Name: web-server-instance
     • Flavor: Select the appropriate flavor.
     • Image: Select the desired image (e.g., Ubuntu 22.04)
   • Under Networks, select the appropriate network.
   • Under Security Groups, select web-server-sg.
   • Click Launch Instance.

2. Install a web server:

   • ssh into the instance.
   • Update the package list and install Apache or Nginx.

   sudo apt update
   sudo apt install apache2 -y
   # or for Nginx
   # sudo apt install nginx -y
   

1. Launch a new instance:

   openstack server create --flavor <flavor_name> --image <image_name> --network <network_name> --security-group web-server-sg --key-name <keypair_name> web-server-instance
   

2. Access the VM:

   • Connecting to the instance in IPv4 subnet requires a Router and the Floating IP. For instructions on how to establish these, visit the articles Create a Router and Create and Manage Floating IPs.

   ssh -i <path_to_keypair> ubuntu@<floating_ip>
   

3. Install a web server:

   • Update the package list and install Apache or Nginx.

   sudo apt update
   sudo apt install apache2 -y
   # or for Nginx
   # sudo apt install nginx -y
   

   • Start the web server:

   sudo systemctl start apache2
   sudo systemctl enable apache2
   # or for Nginx
   # sudo systemctl start nginx
   # sudo systemctl enable nginx
   

Test the Setup

Open a web browser and navigate to the public IP address of the instance. You should see the default Apache or Nginx welcome page, confirming that the web server is accessible.

This example demonstrates how to create and configure security groups in OpenStack, launch an instance, and install a web server using both the Horizon Dashboard and OpenStack CLI. By following these steps, you can ensure your web server is properly secured and accessible over HTTP and HTTPS.