SSL for both RedHat and Ubuntu
Change-Id: I486b74740b873d0470c9d6abc0eb66e5c1464708
This commit is contained in:
parent
a22ebefc02
commit
0e21108451
|
@ -22,3 +22,35 @@ Alias /static /usr/share/openstack-dashboard/static
|
|||
|
||||
Require all granted
|
||||
</Directory>
|
||||
|
||||
{% if server.get('ssl', {}).get('enabled', False) %}
|
||||
|
||||
<VirtualHost {{ server.bind.address }}:443>
|
||||
ServerName {{ server.host.name }}
|
||||
|
||||
SSLEngine On
|
||||
SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2
|
||||
SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!EXP:!LOW:!MEDIUM
|
||||
SSLCertificateFile {{ server.certs_dir }}/{{ server.host.name }}.crt
|
||||
SSLCertificateKeyFile {{ server.private_dir }}/{{ server.host.name }}.key
|
||||
SSLCertificateChainFile {{ server.certs_dir }}/{{ server.ssl.authority }}-chain.crt
|
||||
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown/
|
||||
|
||||
WSGIScriptAlias / /usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi
|
||||
Alias /static /usr/share/openstack-dashboard/static
|
||||
|
||||
<Directory /usr/share/openstack-dashboard/openstack_dashboard/wsgi>
|
||||
<IfModule mod_deflate.c>
|
||||
SetOutputFilter DEFLATE
|
||||
<IfModule mod_headers.c>
|
||||
# Make sure proxies don’t deliver the wrong content
|
||||
Header append Vary User-Agent env=!dont-vary
|
||||
</IfModule>
|
||||
</IfModule>
|
||||
|
||||
Order allow,deny
|
||||
Allow from all
|
||||
</Directory>
|
||||
</VirtualHost>
|
||||
|
||||
{% endif %}
|
|
@ -1,7 +1,5 @@
|
|||
{% from "horizon/map.jinja" import server with context %}
|
||||
|
||||
{% if not server.get('ssl', {}).get('enabled', False) %}
|
||||
|
||||
WSGIDaemonProcess dashboard
|
||||
WSGIProcessGroup dashboard
|
||||
WSGISocketPrefix run/wsgi
|
||||
|
@ -35,44 +33,9 @@ Alias /static /usr/share/openstack-dashboard/static
|
|||
Allow from all
|
||||
</Directory>
|
||||
|
||||
{% else %}
|
||||
{% if server.get('ssl', {}).get('enabled', False) %}
|
||||
|
||||
#RedirectPermanent / https://{{ server.host.name }}
|
||||
|
||||
WSGIDaemonProcess dashboard
|
||||
WSGIProcessGroup dashboard
|
||||
WSGISocketPrefix run/wsgi
|
||||
|
||||
WSGIScriptAlias / /usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi
|
||||
Alias /static /usr/share/openstack-dashboard/static
|
||||
|
||||
<Directory /usr/share/openstack-dashboard/openstack_dashboard/wsgi>
|
||||
<IfModule mod_deflate.c>
|
||||
SetOutputFilter DEFLATE
|
||||
<IfModule mod_headers.c>
|
||||
# Make sure proxies don’t deliver the wrong content
|
||||
Header append Vary User-Agent env=!dont-vary
|
||||
</IfModule>
|
||||
</IfModule>
|
||||
|
||||
Order allow,deny
|
||||
Allow from all
|
||||
</Directory>
|
||||
|
||||
<Directory /usr/share/openstack-dashboard/static>
|
||||
<IfModule mod_expires.c>
|
||||
ExpiresActive On
|
||||
ExpiresDefault "access 6 month"
|
||||
</IfModule>
|
||||
<IfModule mod_deflate.c>
|
||||
SetOutputFilter DEFLATE
|
||||
</IfModule>
|
||||
|
||||
Order allow,deny
|
||||
Allow from all
|
||||
</Directory>
|
||||
|
||||
<VirtualHost {{ pillar.horizon.server.bind.address }}:443>
|
||||
<VirtualHost {{ server.bind.address }}:443>
|
||||
ServerName {{ server.host.name }}
|
||||
|
||||
SSLEngine On
|
||||
|
@ -83,10 +46,6 @@ Alias /static /usr/share/openstack-dashboard/static
|
|||
SSLCertificateChainFile {{ server.certs_dir }}/{{ server.ssl.authority }}-chain.crt
|
||||
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown/
|
||||
|
||||
# WSGIDaemonProcess dashboard
|
||||
# WSGIProcessGroup dashboard
|
||||
# WSGISocketPrefix run/wsgi
|
||||
|
||||
WSGIScriptAlias / /usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi
|
||||
Alias /static /usr/share/openstack-dashboard/static
|
||||
|
||||
|
|
Loading…
Reference in New Issue