openstack/openstack-ansible-os_horizon
Code Issues Proposed changes
Files
c0fbd295bc436cb30cdebfad5a65f05dcc09b0a4
openstack-ansible-os_horizon/templates/openstack_dashboard.conf.j2
Kevin Carter ff232ae316 Enable SSL termination for all services 
This change makes it so that all services are expecting SSL termination
at the load balancer by default. This is more indicative of how a real
world deployment will be setup and is being added such that we can test
a more production like deployment system by default.

The AIO will now terminate SSL in HAProxy using a self-signed cert.

Change-Id: Ibbeca3325947b549ae00d11e60bf719741b4b0e4
Re-Implementation-Of: https://review.openstack.org/#/c/277199/9
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
2016-03-03 11:05:44 -06:00

59 lines
1.8 KiB
Django/Jinja
Raw Blame History

# {{ ansible_managed }}
{% set _wsgi_threads = ansible_processor_vcpus | default(2) // 2 %}
{% set wsgi_threads = _wsgi_threads if _wsgi_threads > 0 else 1 %}
<VirtualHost *:80>
ServerName {{ horizon_server_name }}
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{HTTP_HOST}/$1 [R,L]
</VirtualHost>
<VirtualHost *:443>
ServerName {{ horizon_server_name }}
LogLevel {{ horizon_log_level }}
ErrorLog /var/log/horizon/horizon-error.log
CustomLog /var/log/horizon/ssl_access.log combined
Options +FollowSymLinks
SSLEngine on
SSLCertificateFile {{ horizon_ssl_cert }}
SSLCertificateKeyFile {{ horizon_ssl_key }}
{% if horizon_user_ssl_ca_cert is defined -%}
SSLCACertificateFile {{ horizon_ssl_ca_cert }}
{% endif -%}
SSLCompression Off
SSLProtocol All -SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLCipherSuite {{ horizon_ssl_cipher_suite }}
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
{% else %}
RequestHeader set {{ horizon_secure_proxy_ssl_header }} "https"
{% endif %}
WSGIScriptAlias / {{ horizon_lib_wsgi_file }}
WSGIDaemonProcess horizon user={{ horizon_system_user_name }} group={{ horizon_system_group_name }} processes={{ horizon_wsgi_processes | default(wsgi_threads) }} threads={{ horizon_wsgi_threads | default(wsgi_threads) }}
WSGIProcessGroup horizon
WSGIApplicationGroup horizon
<Directory {{ horizon_lib_wsgi_file | dirname }}>
<Files django.wsgi>
Order allow,deny
allow from all
Require all granted
</Files>
</Directory>
Alias /static {{ horizon_lib_dir }}/static/
<Directory {{ horizon_lib_dir }}/static/>
Options -FollowSymlinks
AllowOverride None
Order allow,deny
allow from all
Require all granted
</Directory>
</VirtualHost>
View Git Blame Copy Permalink