External panel
The external panel is a control panel where you can work only with a specific project. It does not display tickets and consumption, you cannot manage project quotas.
Using an external dashboard, you can grant cloud space to individual users or teams and set resource consumption quotas for them.
The outer panel can be opened:
- through view domain project_number.selvpc.ru. This domain is created automatically for each project. The external panel will be accessible via HTTPS protocol with a certificate
*.selvpc.ru
; - your own domain for example
cloud.yourdomain.com
. By default, the external panel will only be accessible via HTTP protocol — you can configure HTTPS access if required.
The outer panel is not covered account restriction.
You can change the design of the outer panel — choose a fill color and change the logo.
The external dashboard is only available for cloud platform products: Cloud servers, Managed Kubernetes, Managed databases, Container Registry, Secrets manager.
Log in to the external panel via project_number.selvpc.ru
To access the external panel through the domain in the format project_number.selvpc.ru
you need to create a service user with role Project Administrator.
You can log in to the panel using the login and password of the Project Administrator. The external panel will be opened via HTTPS protocol.
-
Add a service user. Select the Project Administrator role and add it to the desired project.
A new user can only be created by users with roles Account Owner and User Administrator.
-
In control panel go to Identity & Access Management → Projects.
-
Open the tab External panel.
-
In the field Login link click on the following link
123456.selvpc.ru
. -
Enter the Project Administrator's name and password.
Configure access to the external panel through your own domain
Access to the external panel can be set up through your domain, e.g. cloud.yourdomain.com
. The frontend will open over HTTP protocol without a TLS (SSL)-certificate.
If necessary, you can set up access via an encrypted HTTPS connection.
HTTP
HTTPS
-
In control panels go to Identity & Access Management → Projects.
-
Open the tab External panel.
-
Copy the value from the field Login link.
-
On your domain registrar's side, create a CNAME record for the third-level domain:
<cloud.yourdomain.com> CNAME <project_number.selvpc.ru>
Specify:
<cloud.yourdomain.com>
— domain name, by which the external panel will be opened. You can use only third-level domain — add the identifiercloud
or another name;<project_number.selvpc.ru>
— login link that you copied in step 2.
-
Specify the NS servers serving the domain for the record. It may take up to 48 hours to update DNS records.
-
In control panels go to Identity & Access Management → Projects.
-
Open the tab External panel.
-
In the field CNAME record click .
-
Enter the CNAME record you created. The original link to the external panel will change to your link.
To configure access to the external panel via HTTPS, you need to create an intermediate proxy server, upload a TLS (SSL) certificate to it and configure request forwarding.
-
Create a cloud server. You can select the lowest possible configuration, such as a fixed Shared Line configuration with 1 vCPU and 512 MB RAM.
-
Configure the cloud server to access to and from the Internet via a public IP address.
-
On your domain registrar's side, create an A-record for the third-level domain:
<cloud.yourdomain.com> A <ip_address>
Specify:
<cloud.yourdomain.com>
— domain name, by which the external panel will be opened. You can use only the third level domain — add the identifiercloud
or another name;<ip_address>
— The public IP address that you connected to the cloud server in step 2.
-
In control panels go to Identity & Access Management → Projects.
-
Open the tab External panel.
-
Copy the value from the field Login link.
-
Install nginx on the cloud server.
-
Add a block to the nginx configuration file describing the reverse proxy server:
server {
listen 443 ssl;
server_name <cloud.yourdomain.com>;
ssl_certificate </etc/nginx/ssl/cert.pem>;
ssl_certificate_key </etc/nginx/ssl/privkey.pem>;
location / {
proxy_pass <project_url>;
}
}Specify:
<project_url>
— link to enter the external view panelhttps://<project_number>.selvpc.ru
that you copied in step 5;</etc/nginx/ssl/cert.pem>
— path to the certificate file. If you are using a TLS (SSL) certificate from Let's Encrypt®, the file is namedcert.pem
;</etc/nginx/ssl/privkey.pem>
— path to the file containing the certificate's private key. If you are using Let's Encrypt®, the file is calledprivkey.pem
.
-
Upload the TLS (SSL) certificate and certificate private key to the cloud server in the directories that you specified in the configuration file in step 8. If you do not have a TLS (SSL) certificate for the domain, you can free of charge issue a Let's Encrypt® certificate in the Selectel Certificate Manager.
-
In control panels go to Identity & Access Management → Projects.
-
Open the tab External panel.
-
In the field CNAME record click .
-
Enter the A-record you created. The original link to the external panel will change to your link.
-
If a warning message appears when you log in to the panel
Мы не смогли обнаружить DNS-запись...
ignore him.
Change the design of the external panel
You can customize the appearance of the login window and use your corporate colors and logos.
- In control panels go to Identity & Access Management → Projects.
- Open the tab External panel.
- In the block Panel design click Change the design.
- Specify the fill color in the panel.
- Click Downloadto download the logo. The maximum size of the logo is 64 KB.
- Click Save.