Unable to log in after SSL configuration
I installed OpenStack through devstack and everything is fine. Now, I tried to configure Horizon to work with HTTPS and I followed the guide: https://docs.openstack.org/juno/config-reference/content/configure-dashboard.html#dashboard-config-https
I changed some parameters a bit since my configuration was different, and the resulting horizon.conf file under /etc/apache2/sites-available is:
<VirtualHost *:80>
ServerName HIDED_IP
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</IfModule>
<IfModule !mod_rewrite.c>
RedirectPermanent / https://HIDED_IP/
</IfModule>
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /opt/stack/horizon/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
# Apache 2.4 uses mod_authz_host for access control now (instead of
# "Allow")
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
</Directory>
<IfVersion >= 2.4>
ErrorLogFormat "%{cu}t %M"
</IfVersion>
ErrorLog /var/log/apache2/horizon_error.log
LogLevel warn
CustomLog /var/log/apache2/horizon_access.log combined
</VirtualHost>
<VirtualHost *:443>
ServerName HIDED_IP
SSLEngine On
# Remember to replace certificates and keys with valid paths in your environment
SSLCertificateFile /etc/apache2/ssl/openstack.crt
SSLCACertificateFile /etc/apache2/ssl/openstack.crt
SSLCertificateKeyFile /etc/apache2/ssl/openstack.key
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
Header add Strict-Transport-Security "max-age=15768000"
WSGIScriptAlias /dashboard /opt/stack/horizon/openstack_dashboard/wsgi/django.wsgi
WSGIDaemonProcess horizon user=stack group=stack processes=3 threads=10 home=/opt/stack/horizon display-name=%{GROUP}
WSGIApplicationGroup %{GLOBAL}
SetEnv APACHE_RUN_USER stack
SetEnv APACHE_RUN_GROUP stack
WSGIProcessGroup horizon
DocumentRoot /opt/stack/horizon/.blackhole/
Alias /dashboard/media /opt/stack/horizon/openstack_dashboard/static
Alias /dashboard/static /opt/stack/horizon/static
RedirectMatch "^/$" "/dashboard/"
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /opt/stack/horizon/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
# Apache 2.4 uses mod_authz_host for access control now (instead of
# "Allow")
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
</Directory>
<IfVersion >= 2.4>
ErrorLogFormat "%{cu}t %M"
</IfVersion>
ErrorLog /var/log/apache2/horizon_error.log
LogLevel warn
LogLevel warn
CustomLog /var/log/apache2/horizon_access.log combined
</VirtualHost>
WSGISocketPrefix /var/run/apache2
Also, I added the key configuration parameters to the keystone.conf under /etc/apache2/sites-available, ending up with something like:
<VirtualHost *:5000>
WSGIDaemonProcess keystone-public processes=5 threads=1 user=stack display-name=%{GROUP}
WSGIProcessGroup keystone-public
WSGIScriptAlias / /usr/local/bin/keystone-wsgi-public
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
ErrorLogFormat "%M"
ErrorLog /var/log/apache2/keystone.log
CustomLog /var/log/apache2/keystone_access.log keystone_combined
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/openstack.crt
SSLCACertificateFile /etc/apache2/ssl/openstack.crt
SSLCertificateKeyFile /etc/apache2/ssl/openstack.key
SSLVerifyDepth 1
</VirtualHost>
The keystone.log file of apache says:
AH01906: 127.0.0.1:35357:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
AH01909: 127.0.0.1:35357:0 server certificate does NOT include an ID which matches the server name
AH01906: 127.0.0.1:5000:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
AH01909: 127.0.0.1:5000:0 server certificate does NOT include an ID which matches the server name
The issue is that I'm able to access ...
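
The two warnings quoted from keystone.log (AH01906 and AH01909) describe properties of the certificate file itself, so they can be checked with openssl outside Apache. The script below is an added example, not part of the original post: `make_cert`, `check_cert` and `demo` are hypothetical helper names, the host names are constructed, and the name check uses openssl's `-checkhost` as an approximation of the match, not Apache's own code.

```bash
# Added example, not from the original post. Host names and paths are constructed.

# make_cert PREFIX CA_FLAG SAN
# Writes PREFIX.key and PREFIX.crt (self-signed, valid 1 day) from an explicit
# config, so the extensions do not depend on the system openssl.cnf.
make_cert() {
  cat > "$1.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = ext
prompt = no
[dn]
CN = devstack-test
[ext]
basicConstraints = critical,CA:$2
subjectAltName = $3
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$1.cnf" \
    -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

# check_cert CERT SERVER_NAME
# Prints one line per finding; returns 0 if the certificate is clean, 1 otherwise.
check_cert() {
  rc=0
  if openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE'; then
    echo "$1: BasicConstraints CA:TRUE (condition behind AH01906)"
    rc=1
  fi
  if ! openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'; then
    echo "$1: no DNS name or CN matching $2 (condition behind AH01909)"
    rc=1
  fi
  return $rc
}

demo() {
  dir=$(mktemp -d)
  make_cert "$dir/ca-style" TRUE  "DNS:localhost"
  make_cert "$dir/leaf"     FALSE "DNS:controller.example.test"
  check_cert "$dir/ca-style.crt" controller.example.test || true  # two findings
  check_cert "$dir/leaf.crt"     controller.example.test || true  # no findings
  rm -rf "$dir"
}
demo
```

To inspect the certificate referenced in the configuration above, call `check_cert /etc/apache2/ssl/openstack.crt` with the name the virtual host is served under.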