External panel

Last update: March 04 2024

External panel

A front-end dashboard is a dashboard where you can only work with a specific cloud platform project. It does not display tickets and consumption, you cannot manage project quotas.

Using an external dashboard, you can grant cloud space to individual users or teams and set resource consumption quotas for them.

The outer panel can be opened:

• via view domain project_number.selvpc.ru. Such a domain is created automatically for each cloud platform project. The external panel will be accessible via HTTPS protocol with *.selvpc.ru certificate;
• your own domain, such as cloud.yourdomain.com. By default, the external panel will only be accessible via HTTP protocol — you can configure HTTPS access if required.

The external panel is not subject to limit-access-to-account.

You can change the design of the outer panel — select the fill color and change the logo.

For your information

The front-end panel is only available for cloud platform products: Cloud Servers, Managed Kubernetes, Cloud Databases, Container Registry, Secrets Manager.

Log in to the external panel via project_number.selvpc.ru⁠

To access the external panel through the project_number.selvpc.ru domain, you must create a service user with role Project Administrator.

You can log in to the panel using the login and password of the Project Administrator. The external panel will be opened via HTTPS protocol.

1. Create a service user. Select the Project Administrator role and add it to the desired project.

   Only users with roles Account Owner and User Administrator can create a new user.

2. In Control Panel, go to Cloud Platform → Settings.

3. In the External panel → Login link block, copy the link to log in to the external panel (a link of the form 123456.selvpc.ru).

4. Click on the link. Enter the Project Administrator's name and password.

Configure access to the external panel through your own domain⁠

Access to the external panel can be set up through your domain, such as cloud.yourdomain.com. The external panel will be opened via HTTP protocol without a TLS (SSL)-certificate.

If necessary, you can set up access via an encrypted HTTPS connection.

HTTP

1. In Control Panel, go to Cloud Platform → Settings.

2. In the External Panel block, copy the value from the Login Link field.

3. On your domain registrar's side, create a CNAME record for the third-level domain:

   <cloud.yourdomain.com> CNAME <project_number.selvpc.ru>

   Specify:

   • <cloud.yourdomain.com> — the name of the domain where the external panel will be opened. You can use a third-level domain only — add the cloud identifier or another name;
   • <project_number.selvpc.ru> is the login link you copied in step 2.

4. Specify the NS servers serving the domain for the record. DNS records can take up to 48 hours to update.

5. In Control Panel, go to Cloud Platform → Settings.

6. In the External Panel block, in the CNAME record field, click .

7. Enter the CNAME record you created. The original link to the external panel will change to your link.

HTTPS

To configure access to the external panel via HTTPS, you need to create an intermediate proxy server, upload a TLS (SSL) certificate to it and configure request forwarding.

1. Create cloud server. You can select the lowest possible configuration, such as a fixed Shared Line configuration with 1 vCPU and 512 MB RAM.

2. Connect a public IP address to the cloud server.

3. On your domain registrar's side, create an A-record for the third-level domain:

   <cloud.yourdomain.com> A <ip_address>

   Specify:

   • <cloud.yourdomain.com> — the name of the domain where the external panel will be opened. You can use a third-level domain only — add the cloud identifier or another name;
   • <ip_address> is the public IP address you connected to the cloud server in step 2.

4. In Control Panel, go to Cloud Platform → Settings.

5. In the External Panel block, copy the value from the Login Link field.

6. Install nginx on the cloud server.

7. Add a block to the nginx configuration file describing the reverse proxy server:

   server {
       listen 443 ssl;
       server_name         <cloud.yourdomain.com>;
       ssl_certificate     </etc/nginx/ssl/cert.pem>;
       ssl_certificate_key </etc/nginx/ssl/privkey.pem>;
   
       location / {
       proxy_pass <project_url>;
       }
   } }

   Specify:

   • <project_url> is the link to enter the external panel of the form https://<project_number>.selvpc.ru, which you copied in step 5;
   • </etc/nginx/ssl/cert.pem> — path to the certificate file. If you are using a TLS (SSL)-certificate from Let's Encrypt®, the file is called cert.pem;
   • </etc/nginx/ssl/privkey.pem> — path to the file with the certificate private key. If you are using Let's Encrypt®, the file is called privkey.pem.

8. Upload the TLS (SSL)-certificate and certificate private key to the cloud server in the directories that you specified in the configuration file in step 7. If you do not have a TLS (SSL)-certificate for the domain, you can issue a Let's Encrypt® certificate for free in the Selectel Certificate Manager.

9. In Control Panel, go to Cloud Platform → Settings.

10. In the External Panel block, in the CNAME record field, click .

11. Enter the A-record you created. The original link to the external panel will change to your link.

12. If the We could not locate the DNS record... warning appears when you log into the panel, ignore it.

Change the appearance of the external panel⁠

You can customize the appearance of the login window and use your corporate colors and logos.

1. In Control Panel, go to Cloud Platform → Settings.
2. In the Design block, click the Modify button.
3. Specify the fill color in the panel.
4. Click Download to download the logo. The maximum size of the logo is 64 KB.
5. Click Save.