Ask Your Question
0

How to configure haproxy for https dashboard

asked 2014-12-02 01:26:38 -0600

laocius gravatar image

I tried to use haproxy for the dashboard high availability and encryption. I can visit my dashboard through https://my_ip/dashboard . But when I tried to login, it will redirect the page to http, which is not encrypted.

here's my haproxy configuration:

frontend horizon-https-vip

bind x.x.x.x:443 ssl crt /root/server.pem ca-file /root/server.crt

reqadd X-Forwarded-Proto:\ https

default_backend horizon-https-api

backend horizon-https-api

    redirect scheme https code 301 if !{ ssl_fc }

    balance  source

    cookie  SERVERID insert indirect nocache

    mode  http

    option  forwardfor

    option  httpchk

    option  httpclose

    rspidel  ^Set-cookie:\ IP=

    server controller01 10.0.0.1:80 cookie controller01 check inter 2000 rise 2 fall 5

    server controller02 10.0.0.2:80 cookie controller02 check inter 2000 rise 2 fall 5
edit retag flag offensive close merge delete

Comments

Did you change something on Horizons configs? Ususally, when choosing either http or https, your connection stays that way. Are your LB to force sessions to be https?

mrunge gravatar imagemrunge ( 2014-12-02 01:53:36 -0600 )edit
add a comment

1 answer

Sort by ยป oldest newest most voted
1

answered 2015-12-08 03:57:28 -0600

sxc731 gravatar image

updated 2016-02-19 02:38:31 -0600

Looks like you're nearly there. All it took to fix mine in that state was to uncomment the following line in /etc/openstack-dashboard/local_settings.py:

SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')

Depending on the version of Django in use, you may need notice that the header looks different (mine as deployed by Mirantis OS 6.1 (Juno) says HTTP_X_FORWARDED_PROTOCOL, although it seems to have changed in Django 1.5). To be "forward-compatible", I have left both versions in haproxy's front-end declaration:

  reqadd X-Forwarded-Proto:\ https
  reqadd X-Forwarded-Protocol:\ https

Then restart the haproxy resource: crm resource restart p_haproxy (you may need to adjust the name of the resource and/or restart method if not using Pacemaker/corosync).

I have penned more comprehensive answer here: https://ask.openstack.org/en/question...

edit flag offensive delete link more
add a comment

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2014-12-02 01:26:38 -0600

Seen: 3,310 times

Last updated: Feb 19 '16

Related questions

Assign Floating IP from shared network on dashboard problem

Can't open console from Chrome after recent update

Adding a drop down tab on Dashboard

Unable to login to dashboard

Help creating instance in Openstack Dashboard

IOError: [Errno 13] Permission denied: '/tmp/.secret_key_store

Network tab not visible in Dashboard

Nova Detach/Attach Interface via Dashboard

Create a Network Toplogy via Dashboard

How to debug issues connecting to the dashboard?