How to configure haproxy for https dashboard

asked 2014-12-02 01:26:38 -0600

laocius gravatar image

I tried to use haproxy for the dashboard high availability and encryption. I can visit my dashboard through https://my_ip/dashboard . But when I tried to login, it will redirect the page to http, which is not encrypted.

here's my haproxy configuration:

frontend horizon-https-vip

bind x.x.x.x:443 ssl crt /root/server.pem ca-file /root/server.crt

reqadd X-Forwarded-Proto:\ https

default_backend horizon-https-api

backend horizon-https-api

    redirect scheme https code 301 if !{ ssl_fc }

    balance  source

    cookie  SERVERID insert indirect nocache

    mode  http

    option  forwardfor

    option  httpchk

    option  httpclose

    rspidel  ^Set-cookie:\ IP=

    server controller01 cookie controller01 check inter 2000 rise 2 fall 5

    server controller02 cookie controller02 check inter 2000 rise 2 fall 5
edit retag flag offensive close merge delete


Did you change something on Horizons configs? Ususally, when choosing either http or https, your connection stays that way. Are your LB to force sessions to be https?

mrunge gravatar imagemrunge ( 2014-12-02 01:53:36 -0600 )edit

1 answer

Sort by ยป oldest newest most voted

answered 2015-12-08 03:57:28 -0600

sxc731 gravatar image

updated 2016-02-19 02:38:31 -0600

Looks like you're nearly there. All it took to fix mine in that state was to uncomment the following line in /etc/openstack-dashboard/


Depending on the version of Django in use, you may need notice that the header looks different (mine as deployed by Mirantis OS 6.1 (Juno) says HTTP_X_FORWARDED_PROTOCOL, although it seems to have changed in Django 1.5). To be "forward-compatible", I have left both versions in haproxy's front-end declaration:

  reqadd X-Forwarded-Proto:\ https
  reqadd X-Forwarded-Protocol:\ https

Then restart the haproxy resource: crm resource restart p_haproxy (you may need to adjust the name of the resource and/or restart method if not using Pacemaker/corosync).

I have penned more comprehensive answer here:

edit flag offensive delete link more

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower


Asked: 2014-12-02 01:26:38 -0600

Seen: 3,310 times

Last updated: Feb 19 '16