openstack/openstack-ansible-os_horizon
Code Issues Proposed changes
934a41d6b1
openstack-ansible-os_horizon/templates/openstack_dashboard.conf.j2
Tom Jose Kalapura 896b2c72cf Use horizon_ssl_protocol variable 
This fix help in overriding the required ssl_protocol. Enabling TLS 1.0 and
TLS 1.1 as it prone to TLS Supported Cipher Suites Vulnerability and
using TLSv1.2 will remediate this vulnerability.

Change-Id: I4f7541a1e8e24e38aa8b9dcd84171c380d04c3d8
2017-03-01 13:53:31 -08:00

59 lines
1.9 KiB
Django/Jinja
Raw Blame History

# {{ ansible_managed }}
{% if not horizon_external_ssl | bool %}
<VirtualHost *:80>
ServerName {{ horizon_server_name }}
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{HTTP_HOST}/$1 [R,L]
</VirtualHost>
{% endif %}
<VirtualHost *:{% if not horizon_external_ssl | bool %}443{% else %}80{% endif %}>
ServerName {{ horizon_server_name }}
LogLevel {{ horizon_log_level }}
ErrorLog /var/log/horizon/horizon-error.log
CustomLog /var/log/horizon/ssl_access.log {{ horizon_apache_custom_log_format }}
Options +FollowSymLinks
{% if not horizon_external_ssl | bool %}
SSLEngine on
SSLCertificateFile {{ horizon_ssl_cert }}
SSLCertificateKeyFile {{ horizon_ssl_key }}
{% if horizon_user_ssl_ca_cert is defined -%}
SSLCACertificateFile {{ horizon_ssl_ca_cert }}
{% endif -%}
SSLCompression Off
SSLProtocol {{ horizon_ssl_protocol }}
SSLHonorCipherOrder On
SSLCipherSuite {{ horizon_ssl_cipher_suite }}
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
{% else %}
RequestHeader set {{ horizon_secure_proxy_ssl_header }} "https"
{% endif %}
WSGIScriptAlias / {{ horizon_lib_wsgi_file }}
WSGIDaemonProcess horizon user={{ horizon_system_user_name }} group={{ horizon_system_group_name }} processes={{ horizon_wsgi_processes | default(horizon_wsgi_threads) }} threads={{ horizon_wsgi_threads }} python-path={{ horizon_bin | dirname }}/lib/python2.7/site-packages
WSGIProcessGroup horizon
WSGIApplicationGroup horizon
<Directory {{ horizon_lib_wsgi_file | dirname }}>
<Files django.wsgi>
Order allow,deny
allow from all
Require all granted
</Files>
</Directory>
Alias /static {{ horizon_lib_dir }}/static/
<Directory {{ horizon_lib_dir }}/static/>
Options -FollowSymlinks
AllowOverride None
Order allow,deny
allow from all
Require all granted
</Directory>
</VirtualHost>
View Git Blame Copy Permalink