-
Notifications
You must be signed in to change notification settings - Fork 105
horizon_https
遇见王斌 edited this page Feb 14, 2018
·
2 revisions
要注意生成证书时输入的 Common Name 要能匹配 dashboard 的域名
将证书和私钥文件放到 /etc/ssl/dashboard-cert-key/
目录下
yum -y install mod_ssl
修改 /etc/httpd/conf.d/openstack-dashboard.conf,清空并添加如下内容(修改配置文件先备份)
<VirtualHost *:80>
## Force redirect to SSL website
RewriteEngine On
RewriteCond %{HTTPS} !on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</VirtualHost>
<VirtualHost *:443>
<Directory /usr/share/openstack-dashboard/openstack_dashboard/wsgi>
Options All
AllowOverride All
Require all granted
</Directory>
<Directory /usr/share/openstack-dashboard/static>
Options All
AllowOverride All
Require all granted
</Directory>
## Logging
ErrorLog "/var/log/httpd/horizon_error.log"
ServerSignature Off
CustomLog "/var/log/httpd/horizon_access.log" combined
## RedirectMatch rules
RedirectMatch permanent ^/$ /dashboard
WSGIDaemonProcess dashboard user=apache group=apache
WSGIProcessGroup dashboard
WSGIScriptAlias /dashboard /usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi
Alias /dashboard/static /usr/share/openstack-dashboard/static
## SSL Related, replace paths with your own
SSLEngine on
SSLCertificateFile /etc/ssl/dashboard-cert-key/xxxx.crt
SSLCertificateKeyFile /etc/ssl/dashboard-cert-key/xxxx.key
</VirtualHost>
其他说明:
- 此处配置默认将 80 端口的请求转到 443 端口
- 打开 OpenStack 网站无需输入 /dashboard
- 访问界面日志会输出到 /var/log/httpd/horizon_error.log 和 /var/log/httpd/horizon_access.log
修改完配置文件服务,可以使用 apachectl configtest
检查下配置文件语法是否正确
systemctl restart httpd
Horizon 配置了 HTTPS 后,OpenStack 界面打开实例时,因为实例的网页 VNC 是 http 服务,所以无法直接在界面上显示,但可以点击链接后进行查看