Ask Your Question
0

How to configure the RDO Dashboard for SSL

asked 2015-11-29 00:18:05 -0500

markallengray gravatar image

I have RDO OpenStack (https://www.rdoproject.org/install/quickstart/ (https://www.rdoproject.org/install/qu...)) installed and running on CentOS 7. Access to the Horizon Dashboard is by HTTP; HTTPS is not enabled or configured. RDO's instructions on how to configure Horizon to use SSL are here: https://www.rdoproject.org/install/horizonssl/ (https://www.rdoproject.org/install/ho...). I followed those instruction. I have mod_ssl installed, I have created a self-signed certificate, and I have modified the ssl.conf file as instructed. When I go to the Dashboard using https:// I get the expected "This connection is untrusted" and it allowed me to add it as an exception, however, once added, I get "Not Found. The requested URL /dashboard was not found on this server." HTTP to the Dashboard still works, but HTTPS produces the "Not Found" page.

Back to the instructions at https://www.rdoproject.org/install/horizonssl/ (https://www.rdoproject.org/install/ho...). It says to add the following to /etc/httpd/conf.d/openstack-dashboard.conf:

RewriteEngine On

RewriteCond %{HTTPS} !on

RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

However, when I open that file it says: "This file has been cleaned by Puppet. OpenStack Horizon configuration has been moved to: 15-horizon_vhost.conf and 15-horizon_ssl_vhost.conf".

When I look for those two files, I see only one, 15-horizon_vhost.conf. I tried adding those three lines to both openstack-dashboard.conf and to 15-horizon_vhost.conf, followed by a stop and start of Apache, however, neither change worked. I still get the "Not Found" page.

Any help would be greatly appreciated.

edit retag flag offensive close merge delete

Comments

I was redirected to a wrong URL removing this line from 15-horizon_vhost.conf RedirectPermanent / https://localhost and restart httpd solved the issue.

sibomarie gravatar imagesibomarie ( 2016-10-28 08:17:34 -0500 )edit

2 answers

Sort by ยป oldest newest most voted
1

answered 2016-01-12 03:48:40 -0500

mrunge gravatar image

You should be adding another port to /etc/httpd/conf.d/15-horizon_vhost.conf

There is currently only port 80 mentioned. My recommendation would be to change that to 443 and to add a simple landing page to redirect a user from / to https://..../dashboard

edit flag offensive delete link more
0

answered 2016-01-12 06:50:52 -0500

dbaxps gravatar image

Using answer field as comment :-
After rerun packstack with CONFIG_HORIZON_SSL=y (RDO Kilo)
I found two files :-

[root@ip-192-169-142-127 conf.d(keystone_admin)]# ls -l 15-horizon*
-rw-r--r--. 1 root root 1451 Jan 12 15:09 15-horizon_ssl_vhost.conf
-rw-r--r--. 1 root root 1193 Jan 12 15:31 15-horizon_vhost.conf

Entries for 15-horizon_ssl_vhost.conf where generated during packstack run :-

[root@ip-192-169-142-127 ~]# ls -l /etc/pki/tls/certs/ssl_dashboard.crt
-rw-r--r--. 1 root root 2217 Jan 12 14:13 /etc/pki/tls/certs/ssl_dashboard.crt
[root@ip-192-169-142-127 ~]# ls -l /etc/pki/tls/private/ssl_dashboard.key
-rw-r--r--. 1 root root 3273 Jan 12 14:13 /etc/pki/tls/private/ssl_dashboard.key
[root@ip-192-169-142-127 ~]# ls -l /etc/pki/tls/certs/packstack_cacert.crt
-rw-r--r--. 1 root root 2265 Jan 12 14:13 /etc/pki/tls/certs/packstack_cacert.crt

After updating port 80 to 443 in 15-horizon_vhost.conf && systemctl restart httpd
I got ssh connection to dashboard , having to approve untrusted connection.

Attempt to update 15-horizon_ssl_vhost.conf with certficates been placed into
/root/packstackca resulted  failure restart httpd
edit flag offensive delete link more

Comments

I am also facing the same issue cannot start httpd service when I tried to configure https. giving me the same error. The interesting part is through packstack I choose https for horizon it works fine but when I configure manually, I am unable to start the service at all.

mkhan gravatar imagemkhan ( 2017-05-17 13:50:38 -0500 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2015-11-29 00:18:05 -0500

Seen: 1,726 times

Last updated: Jan 12 '16