openstack dashboard开启https

2018-10-24 分类:云计算 阅读(900) 评论(0)

前提条件:

  1. 基于http的dashboard能正常访问

  1. 拥有ssl证书

 

第一步:修改/etc/openstack-dashboard/local_settings

在DEBUG = False下增加4行

USE_SSL = True

CSRF_COOKIE_SECURE = True

SESSION_COOKIE_SECURE = True

SESSION_COOKIE_HTTPONLY = True

 

第二步:修改/etc/httpd/conf.d/openstack-dashboard.conf(我的域名是blog.qstack.com.cn)

<VirtualHost *:80>

ServerName blog.qstack.com.cn

<IfModule mod_rewrite.c>

RewriteEngine On #开启rewrite跳转

RewriteCond %{HTTPS} off

RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
#http跳转到https

</IfModule>

<IfModule !mod_rewrite.c>

RedirectPermanent / https://blog.qstack.com.cn

</IfModule>

</VirtualHost>

 

<VirtualHost *:443>

ServerName blog.qstack.com.cn

SSLEngine On #开启ssl

# Remember to replace certificates and keys with valid paths in your environment

SSLCertificateFile /opt/2_blog.qstack.com.cn.crt #证书路径

SSLCACertificateFile /opt/2_blog.qstack.com.cn.crt #证书路径

SSLCertificateKeyFile /opt/3_blog.qstack.com.cn.key #证书路径

SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown

Header add Strict-Transport-Security "max-age=15768000"

WSGIDaemonProcess dashboard

WSGIProcessGroup dashboard

WSGIApplicationGroup %{GLOBAL}

WSGIScriptAlias /dashboard /usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi

Alias /dashboard/static /usr/share/openstack-dashboard/static

 

<Directory /usr/share/openstack-dashboard/openstack_dashboard/wsgi>

Options All

AllowOverride All

Require all granted

</Directory>

 

<Directory /usr/share/openstack-dashboard/static>

Options All

AllowOverride All

Require all granted

</Directory>

</VirtualHost>

 

第三步:使用apachectl -t检查httpd配置文件语法

[root@compute1 ~]# apachectl -t

AH00526: Syntax error on line 15 of /etc/httpd/conf.d/openstack-dashboard.conf:

Invalid command 'SSLEngine', perhaps misspelled or defined by a module not included in the server configuration

解决方法:

yum install mod_ssl -y

 

第四步:重启httpd

systemctl restart httpd

使用刚配置的域名访问https://blog.qstack.com.cn/dashboard

 

如果希望实例的控制台也使用https,需要配置控制节点的/etc/nova/nova.conf,让nova-novncproxy使用https,并且计算节点的vncproxy地址也修改为https。

novncproxy_base_url = https://10.0.0.11:6080/vnc_auto.html

 

至此,配置完成

 

参考资料:

https://docs.openstack.org/horizon/pike/admin/customize-configure.html

评论已关闭

登录

忘记密码 ?

切换登录

注册