SSL for both RedHat and Ubuntu

Change-Id: I486b74740b873d0470c9d6abc0eb66e5c1464708
2016-03-01 15:51:20 +01:00 · 2016-03-01 15:51:20 +01:00 · 0e21108451
parent a22ebefc02
commit 0e21108451
2 changed files with 34 additions and 43 deletions
--- a/horizon/files/openstack-dashboard.conf.Debian
+++ b/horizon/files/openstack-dashboard.conf.Debian
@ -22,3 +22,35 @@ Alias /static /usr/share/openstack-dashboard/static

  Require all granted
 </Directory>
+
+{% if server.get('ssl', {}).get('enabled', False) %}
+
+<VirtualHost {{ server.bind.address }}:443>
+  ServerName {{ server.host.name }}
+
+  SSLEngine On
+  SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2
+  SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!EXP:!LOW:!MEDIUM
+  SSLCertificateFile {{ server.certs_dir }}/{{ server.host.name }}.crt
+  SSLCertificateKeyFile {{ server.private_dir }}/{{ server.host.name }}.key
+  SSLCertificateChainFile {{ server.certs_dir }}/{{ server.ssl.authority }}-chain.crt
+  SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown/
+
+  WSGIScriptAlias / /usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi
+  Alias /static /usr/share/openstack-dashboard/static
+
+  <Directory /usr/share/openstack-dashboard/openstack_dashboard/wsgi>
+    <IfModule mod_deflate.c>
+      SetOutputFilter DEFLATE
+      <IfModule mod_headers.c>
+        # Make sure proxies don’t deliver the wrong content
+        Header append Vary User-Agent env=!dont-vary
+      </IfModule>
+    </IfModule>
+
+    Order allow,deny
+    Allow from all
+  </Directory>
+</VirtualHost>
+
+{% endif %}
--- a/horizon/files/openstack-dashboard.conf.RedHat
+++ b/horizon/files/openstack-dashboard.conf.RedHat
@ -1,7 +1,5 @@
 {% from "horizon/map.jinja" import server with context %}

-{% if not server.get('ssl', {}).get('enabled', False) %}
-
 WSGIDaemonProcess dashboard
 WSGIProcessGroup dashboard
 WSGISocketPrefix run/wsgi
@ -35,44 +33,9 @@ Alias /static /usr/share/openstack-dashboard/static
  Allow from all
 </Directory>

-{% else %}
+{% if server.get('ssl', {}).get('enabled', False) %}

-#RedirectPermanent / https://{{ server.host.name }}
-
-WSGIDaemonProcess dashboard
-WSGIProcessGroup dashboard
-WSGISocketPrefix run/wsgi
-
-WSGIScriptAlias / /usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi
-Alias /static /usr/share/openstack-dashboard/static
-
-<Directory /usr/share/openstack-dashboard/openstack_dashboard/wsgi>
-  <IfModule mod_deflate.c>
-    SetOutputFilter DEFLATE
-    <IfModule mod_headers.c>
-      # Make sure proxies don’t deliver the wrong content
-      Header append Vary User-Agent env=!dont-vary
-    </IfModule>
-  </IfModule>
-
-  Order allow,deny
-  Allow from all
-</Directory>
-
-<Directory /usr/share/openstack-dashboard/static>
-  <IfModule mod_expires.c>
-    ExpiresActive On
-    ExpiresDefault "access 6 month"
-  </IfModule>
-  <IfModule mod_deflate.c>
-    SetOutputFilter DEFLATE
-  </IfModule>
-
-  Order allow,deny
-  Allow from all
-</Directory>
-
-<VirtualHost {{ pillar.horizon.server.bind.address }}:443>
+<VirtualHost {{ server.bind.address }}:443>
  ServerName {{ server.host.name }}

  SSLEngine On
@ -83,10 +46,6 @@ Alias /static /usr/share/openstack-dashboard/static
  SSLCertificateChainFile {{ server.certs_dir }}/{{ server.ssl.authority }}-chain.crt
  SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown/

-#  WSGIDaemonProcess dashboard
-#  WSGIProcessGroup dashboard
-#  WSGISocketPrefix run/wsgi
-
  WSGIScriptAlias / /usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi
  Alias /static /usr/share/openstack-dashboard/static