Ask Your Question
0

Horizon Dashboard Over HTTPS (IceHouse & Centos 6.5)

asked 2014-06-24 12:33:37 -0600

loopback127 gravatar image

I'm trying to set up the dashboard to work over HTTPS however I am having trouble setting it up. I have been trying to follow the instructions ( http://docs.openstack.org/trunk/config-reference/content/configure-dashboard.html (http://docs.openstack.org/trunk/confi...) ) however they are applicable to Ubunutu and I can't seem to get it working for Centos.

The following is my /etc/httpd/conf.d/openstack-dashboard.conf:

#WSGIDaemonProcess dashboard
#WSGIProcessGroup dashboard
#WSGISocketPrefix run/wsgi
#
#WSGIScriptAlias /dashboard /usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi
#Alias /static /usr/share/openstack-dashboard/static
#
#<Directory /usr/share/openstack-dashboard/openstack_dashboard/wsgi>
#  Order allow,deny
#  Allow from all
#</Directory>

<VirtualHost xx.xx.xx.229:80>
    ServerName xx.xx.xx.229.com
    <IfModule mod_rewrite.c>
        RewriteEngine On
        RewriteCond %{HTTPS} off
        RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
    </IfModule>
    <IfModule !mod_rewrite.c>
        RedirectPermanent / https://xx.xx.xx.229.com
    </IfModule>
</VirtualHost>
<VirtualHost xx.xx.xx.229:443>
    ServerName xx.xx.xx.229.com

    SSLEngine On
    # Remember to replace certificates and keys with valid paths in your environment
    SSLCertificateFile /etc/httpd/conf.d/SSL/dashboard.crt
    SSLCACertificateFile /etc/httpd/conf.d/SSL/dashboard.crt
    SSLCertificateKeyFile /etc/httpd/conf.d/SSL/dashboard.key
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown

    # HTTP Strict Transport Security (HSTS) enforces that all communications
    # with a server go over SSL. This mitigates the threat from attacks such
    # as SSL-Strip which replaces links on the wire, stripping away https prefixes
    # and potentially allowing an attacker to view confidential information on the
    # wire
    Header add Strict-Transport-Security "max-age=15768000"

    WSGIDaemonProcess dashboard
    WSGIProcessGroup dashboard
    #WSGISocketPrefix run/wsgi

    WSGIScriptAlias /dashboard /usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi
    Alias /static /usr/share/openstack-dashboard/static

    <Directory /usr/share/openstack-dashboard/openstack_dashboard/wsgi>
        Order allow,deny
        Allow from all
    </Directory>
</VirtualHost>

Accessing the site however results in a 404 (it does redirect to 443). Any ideas as to how I should fix this?

edit retag flag offensive close merge delete

Comments

On RH system there is parameter in answer-file :-

# To set up Horizon communication over https set this to "y"

CONFIG_HORIZON_SSL=y

dbaxps gravatar imagedbaxps ( 2014-06-24 12:55:55 -0600 )edit

I am not using pacstack.

loopback127 gravatar imageloopback127 ( 2014-06-24 13:40:52 -0600 )edit

1) Do you have this file /usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi 2) Add this line in your virtual host to get more details about the error. 

 ErrorLog /tmp/horizon.log
 LogLevel debug

Or you can look for the logs under /var/log/apache2

Haneef Ali gravatar imageHaneef Ali ( 2014-06-24 13:53:58 -0600 )edit

You may want to post the errors for /var/log/httpd/error.log. See what types of errors are coming back. Your redirect sends it to https but I'm not sure if you are appending the /dashboard to it.

mpetason gravatar imagempetason ( 2014-06-25 12:56:54 -0600 )edit
add a comment

1 answer

Sort by ยป oldest newest most voted
0

answered 2014-06-26 02:58:05 -0600

loopback127 gravatar image

I have solved my problem. I misunderstood how HTTPS for the dashboard is configured in Icehouse and it is apparently very easy to set up now that I understand what needs to be done. To clarify for anyone else who does not understand the setup:

The following is my VirtualHost settings in my /etc/httpd/conf/httpd.conf:

<VirtualHost *:80>
    ServerAdmin webmaster@servername.com
    # This has to do with an alternate main page
    DirectoryIndex index.php
    DocumentRoot /var/www/html/
    ServerName servername.com

    #This is the redirect
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} 

    <FilesMatch "^\.ht">
    Order allow,deny
    deny from all
    </FilesMatch>

    AddType application/x-httpd-php .php .html
    AddHandler application/x-httpd-php .php .html
    ErrorLog logs/servername.com-error_log
    CustomLog logs/servername.com-access_log common

</VirtualHost>

And this is my /etc/httpd/conf.d/openstack-dashboard.conf (original to the installation):

WSGIDaemonProcess dashboard
WSGIProcessGroup dashboard
WSGISocketPrefix run/wsgi

WSGIScriptAlias /dashboard /usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi
Alias /static /usr/share/openstack-dashboard/static

<Directory /usr/share/openstack-dashboard/openstack_dashboard/wsgi>
  Order allow,deny
  Allow from all
</Directory>
edit flag offensive delete link more
add a comment

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2014-06-24 12:33:37 -0600

Seen: 1,939 times

Last updated: Jun 26 '14

Related questions

EndpointNotFound: publicURL endpoint for identity service not found [closed]

"MissingSchema at /admin/" from havana dashboard

dashboard no longer working after reboot - Fedora -20

User/service accounts appear to be configured correctly, but I am getting user not found error. Icehouse on Centos.

can't access my VM created on Azure from horizon web interface?

IOError: [Errno 13] Permission denied: '/tmp/.secret_key_store

not able to ssh into vm in icehouse [closed]

How to run CentOS images that work?

Modify Horizon to provide federated access

Openstack resource integration