This post shows how to switch Horizon to HTTPS.
Before start you should have working OpenStack Horizon through HTTP.
My setup:
OS: CentOS 7.3
OpenStack: Newton
Changes on controller
Install mod_ssl for HTTPD:
yum -y install mod_ssl
Upload your certificate files:
/etc/pki/tls/certs/khmel.org.pem
/etc/pki/tls/private/privat.key
Uncomment these lines in /etc/openstack-dashboard/local_settings
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
CSRF_COOKIE_SECURE = True
SESSION_COOKIE_SECURE = True
Update /etc/nova/nova.conf. Add to [DEFAULT] section:
[DEFAULT]
ssl_only = true
cert = /etc/pki/tls/certs/khmel.org.pem
key = /etc/pki/tls/private/privat.key
File /etc/httpd/conf.d/openstack-dashboard.conf should look like this:
WSGIDaemonProcess dashboard
WSGIProcessGroup dashboard
WSGISocketPrefix run/wsgi
<VirtualHost *:80>
ServerName cloud.khmel.org
RedirectPermanent /dashboard https://cloud.khmel.org/dashboard
</VirtualHost>
<VirtualHost *:443>
ServerName cloud.khmel.org
SSLEngine On
SSLCertificateFile /etc/pki/tls/certs/khmel.org.pem
SSLCertificateKeyFile /etc/pki/tls/private/privat.key
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
Header add Strict-Transport-Security "max-age=15768000"
WSGIScriptAlias /dashboard /usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi
Alias /dashboard/static /usr/share/openstack-dashboard/static
<Directory /usr/share/openstack-dashboard/openstack_dashboard/wsgi>
Options All
AllowOverride All
Require all granted
</Directory>
<Directory /usr/share/openstack-dashboard/static>
Options All
AllowOverride All
Require all granted
</Directory>
</VirtualHost>
Reboot controller node.
Changes on compute nodes
Update /etc/nova/nova.conf. Add to [DEFAULT] section:
[DEFAULT]
novncproxy_base_url=https://cloud.khmel.org:6080/vnc_auto.html
Reboot compute nodes