Revision history [back]

Hi our ssl terminates on a proxy now, but we had something like

<VirtualHost *:443>
RewriteEngine on
RewriteRule ^/$ https://%{HTTP_HOST}/horizon [L,R]
ServerName horizon.example.com
SSLEngine On
SSLCertificateFile /etc/ssl/certs/example.com.crt
SSLCACertificateFile /etc/ssl/certs/example.com.ca-bundle
SSLCertificateKeyFile /etc/ssl/private/example.com.key
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown

#HTTP Strict Transport Security (HSTS) enforces that all communications
# with a server go over SSL. This mitigates the threat from attacks such
# as SSL-Strip which replaces links on the wire, stripping away https prefixes
# and potentially allowing an attacker to view confidential information on the
# wire
Header add Strict-Transport-Security "max-age=15768000"
# same as for http here
WSGIScriptAlias / /usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi
WSGIDaemonProcess horizon user=horizon group=horizon processes=4 threads=10
WSGIProcessGroup horizon
Alias /static /usr/share/openstack-dashboard/openstack_dashboard/static/
<Directory /usr/share/openstack-dashboard/openstack_dashboard/wsgi>
# For Apache http server 2.2 and earlier:
#Order allow,deny
#Allow from all

# For Apache http server 2.4 and later:
Require all granted
</Directory>

CustomLog /var/log/apache2/openstack_access_log common
</VirtualHost>