Skip to content

horizon_https

遇见王斌 edited this page Feb 14, 2018 · 2 revisions

Horizon 配置 HTTPS

1 配置 HTTPS

1.1 准备证书及私钥文件

要注意生成证书时输入的 Common Name 要能匹配 dashboard 的域名

将证书和私钥文件放到 /etc/ssl/dashboard-cert-key/ 目录下

1.2 安装 mod_ssl

yum -y install mod_ssl

1.3 修改 httpd 中 dashboard 的配置

修改 /etc/httpd/conf.d/openstack-dashboard.conf,清空并添加如下内容(修改配置文件先备份)

<VirtualHost *:80>
  ## Force redirect to SSL website
  RewriteEngine On
  RewriteCond %{HTTPS} !on
  RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</VirtualHost>

<VirtualHost *:443>
  <Directory /usr/share/openstack-dashboard/openstack_dashboard/wsgi>
    Options All
    AllowOverride All
    Require all granted
  </Directory>

  <Directory /usr/share/openstack-dashboard/static>
    Options All
    AllowOverride All
    Require all granted
  </Directory>

  ## Logging
  ErrorLog "/var/log/httpd/horizon_error.log"
  ServerSignature Off
  CustomLog "/var/log/httpd/horizon_access.log" combined

  ## RedirectMatch rules
  RedirectMatch permanent  ^/$ /dashboard

  WSGIDaemonProcess dashboard user=apache group=apache
  WSGIProcessGroup dashboard
  WSGIScriptAlias /dashboard /usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi
  Alias /dashboard/static /usr/share/openstack-dashboard/static

  ## SSL Related, replace paths with your own
  SSLEngine on
  SSLCertificateFile    /etc/ssl/dashboard-cert-key/xxxx.crt
  SSLCertificateKeyFile /etc/ssl/dashboard-cert-key/xxxx.key
</VirtualHost>

其他说明:

  • 此处配置默认将 80 端口的请求转到 443 端口
  • 打开 OpenStack 网站无需输入 /dashboard
  • 访问界面日志会输出到 /var/log/httpd/horizon_error.log 和 /var/log/httpd/horizon_access.log

1.4 重启服务

修改完配置文件服务,可以使用 apachectl configtest 检查下配置文件语法是否正确

systemctl restart httpd

2 其他待优化

Horizon 配置了 HTTPS 后,OpenStack 界面打开实例时,因为实例的网页 VNC 是 http 服务,所以无法直接在界面上显示,但可以点击链接后进行查看