3daded6242
TLS can be used to encrypt and authenticate the connection with OpenStack endpoints. This patch provides the necessary parameters and changes the resulting service configurations to enable TLS for the Kolla deployed OpenStack cloud. The new input parameters are: kolla_enable_tls_external: "yes" or "no" (default is "no") kolla_external_fqdn_cert: "/etc/kolla/certificates/haproxy.pem" kolla_external_fqdn_cacert: "/etc/kolla/certificates/haproxy-ca.crt" Implements: blueprint kolla-ssl Change-Id: I48ef8a781c3035d58817f9bf6f36d59a488bab41
29 lines
1.1 KiB
Django/Jinja
29 lines
1.1 KiB
Django/Jinja
{% set apache_dir = 'apache2' if kolla_base_distro in ['ubuntu', 'debian'] else 'httpd' %}
|
|
{% set python_path = '/usr/lib/python2.7/site-packages' if kolla_install_type == 'binary' else '/var/lib/kolla/venv/lib/python2.7/site-packages' %}
|
|
Listen {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}:80
|
|
|
|
<VirtualHost *:80>
|
|
LogLevel warn
|
|
ErrorLog /var/log/{{ apache_dir }}/horizon.log
|
|
CustomLog /var/log/{{ apache_dir }}/horizon-access.log combined
|
|
|
|
WSGIScriptReloading On
|
|
WSGIDaemonProcess horizon-http processes=5 threads=1 user=horizon group=horizon display-name=%{GROUP} python-path={{ python_path }}
|
|
WSGIProcessGroup horizon-http
|
|
WSGIScriptAlias / {{ python_path }}/openstack_dashboard/wsgi/django.wsgi
|
|
WSGIPassAuthorization On
|
|
|
|
<Location "/">
|
|
Require all granted
|
|
</Location>
|
|
|
|
Alias /static {{ python_path }}/static
|
|
<Location "/static">
|
|
SetHandler None
|
|
</Location>
|
|
</Virtualhost>
|
|
|
|
{% if kolla_enable_tls_external | bool %}
|
|
Header edit Location ^http://(.*)$ https://$1
|
|
{% endif %}
|