Open in app

Sign in

Write

Sign in

How to enable HTTPS on Openstack Dashboard

Kevin W Tech Notes
Nov 16, 2020

--

First Install mod_ssl on Openstack Controller node

[root@ems-sv4-controller ~]# sudo yum install mod_ssl

Modify the following configuration file to enable HTTPS

[root@ems-sv4-controller conf.d]# cat 15-horizon_vhost.conf
# ************************************
# Vhost template in module puppetlabs-apache
# Managed by Puppet
# ************************************
#
# Configure http redirect
<VirtualHost *:80>
 ServerName ems-sv4-controller.es.equinix.com
 ServerAlias 10.195.231.11
 RedirectMatch permanent (.*) https://ems-sv4-controller.es.equinix.com
 #RewriteEngine On
 #RewriteCond %{HTTPS} off
 #RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]</VirtualHost># change port to 443
<VirtualHost *:443>
 ServerName ems-sv4-controller.es.equinix.com## Vhost docroot
 DocumentRoot “/var/www/”
 ## Alias declarations for resources outside the DocumentRoot
 Alias /dashboard/static “/usr/share/openstack-dashboard/static”## Directories, there should at least be a declaration for /var/www/<Directory “/var/www/”>
 Options Indexes FollowSymLinks MultiViews
 AllowOverride None
 Require all granted
 </Directory>## Logging
 ErrorLog “/var/log/httpd/horizon_error.log”
 ServerSignature Off
 CustomLog “/var/log/httpd/horizon_access.log” combined## RedirectMatch rules
 RedirectMatch permanent ^/$ /dashboard## Server aliases
 ServerAlias 10.195.231.11
 ServerAlias ems-sv4-controller.es.equinix.com
 ServerAlias localhost# add SSL module and certification path
 SSLEngine on
 SSLCertificateFile “/etc/pki/tls/certs/openstack.crt”
 SSLCertificateKeyFile “/etc/pki/tls/private/openstack.key”
 SSLCertificateChainFile “/etc/pki/tls/certs/openstack_bundle.crt”## WSGI configuration
 WSGIApplicationGroup %{GLOBAL}
 WSGIDaemonProcess apache display-name=horizon group=apache processes=12 threads=1 user=apache
 WSGIProcessGroup apache
 WSGIScriptAlias /dashboard “/usr/share/openstack-dashboard/openstack_dashboard/wsgi.py”
</VirtualHost>

Change keystone trusted_dashboard URL to https

[root@ems-sv4-controller conf.d]# vim /etc/keystone/keystone.conf
trusted_dashboard =https://ems-sv4-controller.es.equinix.com/dashboard/auth/websso/

Add iptables

[root@ems-sv4-controller conf.d]# iptables -I INPUT -p tcp -m multiport --dports 443 -m comment --comment "001 horizon 443 incoming" -j ACCEPT

Restart httpd service

[root@ems-sv4-controller conf.d]# systemctl restart httpd
Openstack
Rdo
Packstack
Openstack Private Cloud
Https

--

--

Kevin W Tech Notes
Kevin W Tech Notes

Written by Kevin W Tech Notes

16 Followers
3 Following

Network Engineer

No responses yet

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams