前提条件:
- 基于http的dashboard能正常访问
image
- 拥有ssl证书
image
第一步:修改/etc/openstack-dashboard/local_settings
在DEBUG = False下增加4行
USE_SSL = True
CSRF_COOKIE_SECURE = True
SESSION_COOKIE_SECURE = True
SESSION_COOKIE_HTTPONLY = True
第二步:修改/etc/httpd/conf.d/openstack-dashboard.conf(我的域名是blog.qstack.com.cn)
<VirtualHost *:80>
ServerName blog.qstack.com.cn
<IfModule mod_rewrite.c>
RewriteEngine On #开启rewrite跳转
RewriteCond %{HTTPS} off
RewriteRule (.*) [https://%{HTTP_HOST}%{REQUEST_URI}](https://%25%7Bhttp_host%7D%25%7Brequest_uri%7D/)
#http跳转到https
</IfModule>
<IfModule !mod_rewrite.c>
RedirectPermanent / https://blog.qstack.com.cn
</IfModule>
</VirtualHost>
<VirtualHost *:443>
ServerName blog.qstack.com.cn
SSLEngine On #开启ssl
# Remember to replace certificates and keys with valid paths in your environment
SSLCertificateFile /opt/2_blog.qstack.com.cn.crt #证书路径
SSLCACertificateFile /opt/2_blog.qstack.com.cn.crt #证书路径
SSLCertificateKeyFile /opt/3_blog.qstack.com.cn.key #证书路径
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
Header add Strict-Transport-Security "max-age=15768000"
WSGIDaemonProcess dashboard
WSGIProcessGroup dashboard
WSGIApplicationGroup %{GLOBAL}
WSGIScriptAlias /dashboard /usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi
Alias /dashboard/static /usr/share/openstack-dashboard/static
<Directory /usr/share/openstack-dashboard/openstack_dashboard/wsgi>
Options All
AllowOverride All
Require all granted
</Directory>
<Directory /usr/share/openstack-dashboard/static>
Options All
AllowOverride All
Require all granted
</Directory>
</VirtualHost>
第三步:使用apachectl -t检查httpd配置文件语法
[root@compute1 ~]# apachectl -t
AH00526: Syntax error on line 15 of /etc/httpd/conf.d/openstack-dashboard.conf:
Invalid command 'SSLEngine', perhaps misspelled or defined by a module not included in the server configuration
解决方法:
yum install mod_ssl -y
第四步:重启httpd
systemctl restart httpd
使用刚配置的域名访问https://blog.qstack.com.cn/dashboard
image
如果希望实例的控制台也使用https,需要配置控制节点的/etc/nova/nova.conf,让nova-novncproxy使用https,并且计算节点的vncproxy地址也修改为https。
novncproxy_base_url = https://10.0.0.11:6080/vnc_auto.html
至此,配置完成
参考资料:
https://docs.openstack.org/horizon/pike/admin/customize-configure.html
网友评论