openstack/kolla-ansible
Code Issues Proposed changes
52f73f4061
kolla-ansible/ansible/roles/horizon/templates/horizon.conf.j2
Jeffrey Zhang f5dd178fc5 Disable trace for all containers running httpd 
Trace method is enabled in default for httpd. There is security risk
with trace enabled. So disable it in default. more info please check[0].

[0] https://security.stackexchange.com/a/7711

Change-Id: I4496a6d058d88e1abfb210085f189e7a610e0362
Closes-Bug: #1705160
2017-07-19 10:52:41 +08:00

78 lines
3.1 KiB
Django/Jinja
Raw Blame History

{% set python_path = '/usr/share/openstack-dashboard' if kolla_install_type == 'binary' else '/var/lib/kolla/venv/lib/python2.7/site-packages' %}
Listen {{ api_interface_address }}:{{ horizon_port }}
TraceEnable off
<VirtualHost *:{{ horizon_port }}>
LogLevel warn
ErrorLog /var/log/kolla/horizon/horizon.log
CustomLog /var/log/kolla/horizon/horizon-access.log combined
WSGIScriptReloading On
WSGIDaemonProcess horizon-http processes={{ openstack_service_workers }} threads=1 user=horizon group=horizon display-name=%{GROUP} python-path={{ python_path }}
WSGIProcessGroup horizon-http
WSGIScriptAlias / {{ python_path }}/openstack_dashboard/wsgi/django.wsgi
WSGIPassAuthorization On
<Location "/">
Require all granted
</Location>
{% if kolla_base_distro == 'ubuntu' and kolla_install_type == 'binary' %}
Alias /static /var/lib/openstack-dashboard/static
{% else %}
Alias /static {{ python_path }}/static
{% endif %}
<Location "/static">
SetHandler None
</Location>
</VirtualHost>
{% if kolla_enable_tls_external | bool %}
Header edit Location ^http://(.*)$ https://$1
{% else %}
# NOTE(Jeffrey4l): Only enable deflate when tls is disabled until the
# OSSN-0037 is fixed.
# see https://wiki.openstack.org/wiki/OSSN/OSSN-0037 for more information.
<IfModule mod_deflate.c>
# Compress HTML, CSS, JavaScript, Text, XML and fonts
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/vnd.ms-fontobject
AddOutputFilterByType DEFLATE application/x-font
AddOutputFilterByType DEFLATE application/x-font-opentype
AddOutputFilterByType DEFLATE application/x-font-otf
AddOutputFilterByType DEFLATE application/x-font-truetype
AddOutputFilterByType DEFLATE application/x-font-ttf
AddOutputFilterByType DEFLATE application/x-javascript
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE font/opentype
AddOutputFilterByType DEFLATE font/otf
AddOutputFilterByType DEFLATE font/ttf
AddOutputFilterByType DEFLATE image/svg+xml
AddOutputFilterByType DEFLATE image/x-icon
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/javascript
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/xml
</IfModule>
{% endif %}
<IfModule mod_expires.c>
<Filesmatch "\.(jpg|jpeg|png|gif|js|css|swf|ico|woff)$">
ExpiresActive on
ExpiresDefault "access plus 1 month"
ExpiresByType application/javascript "access plus 1 year"
ExpiresByType text/css "access plus 1 year"
ExpiresByType image/x-ico "access plus 1 year"
ExpiresByType image/jpg "access plus 1 year"
ExpiresByType image/jpeg "access plus 1 year"
ExpiresByType image/gif "access plus 1 year"
ExpiresByType image/png "access plus 1 year"
Header merge Cache-Control public
Header unset ETag
</Filesmatch>
</IfModule>
View Git Blame Copy Permalink