Configure the dashboard for HTTPS

You can configure the dashboard for a secured HTTPS deployment. While the standard installation uses a non-encrypted HTTP channel, you can enable SSL support for the dashboard.

The following example uses the domain "http://openstack.example.com". Use a domain that fits your current setup.

In /etc/openstack-dashboard/local_settings.py, update the following directives:

    USE_SSL = True
    CSRF_COOKIE_SECURE = True
    SESSION_COOKIE_SECURE = True
    SESSION_COOKIE_HTTPONLY = True

The first option is required to enable HTTPS. The other recommended settings defend against cross-site scripting and require HTTPS.

Edit /etc/apache2/ports.conf and add the following line:

    NameVirtualHost *:443

Edit /etc/apache2/conf.d/openstack-dashboard.conf:

Before:

    WSGIScriptAlias / /usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi
    WSGIDaemonProcess horizon user=www-data group=www-data processes=3 threads=10
    Alias /static /usr/share/openstack-dashboard/openstack_dashboard/static/
    <Directory /usr/share/openstack-dashboard/openstack_dashboard/wsgi>
        # For Apache http server 2.2 and earlier:
        Order allow,deny
        Allow from all

        # For Apache http server 2.4 and later:
        # Require all granted
    </Directory>

After:

    <VirtualHost *:80>
        ServerName openstack.example.com
        <IfModule mod_rewrite.c>
            RewriteEngine On
            RewriteCond %{HTTPS} off
            RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
        </IfModule>
        <IfModule !mod_rewrite.c>
            RedirectPermanent / https://openstack.example.com
        </IfModule>
    </VirtualHost>

    <VirtualHost *:443>
        ServerName openstack.example.com

        SSLEngine On
        # Remember to replace certificates and keys with valid paths in your environment
        SSLCertificateFile /etc/apache2/SSL/openstack.example.com.crt
        SSLCACertificateFile /etc/apache2/SSL/openstack.example.com.crt
        SSLCertificateKeyFile /etc/apache2/SSL/openstack.example.com.key
        SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown

        # HTTP Strict Transport Security (HSTS) enforces that all communications
        # with a server go over SSL. This mitigates the threat from attacks such
        # as SSL-Strip which replaces links on the wire, stripping away https prefixes
        # and potentially allowing an attacker to view confidential information on the
        # wire
        Header add Strict-Transport-Security "max-age=15768000"

        WSGIScriptAlias / /usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi
        WSGIDaemonProcess horizon user=www-data group=www-data processes=3 threads=10
        Alias /static /usr/share/openstack-dashboard/openstack_dashboard/static/
        <Directory /usr/share/openstack-dashboard/openstack_dashboard/wsgi>
            # For Apache http server 2.2 and earlier:
            Order allow,deny
            Allow from all

            # For Apache http server 2.4 and later:
            # Require all granted
        </Directory>
    </VirtualHost>

In this configuration, the Apache HTTP server listens on port 443 and redirects all non-secured requests to the HTTPS protocol. The secured section defines the private key, public key, and certificate to use.

Restart the Apache HTTP server.

For Debian/Ubuntu/SUSE:

    # service apache2 restart

Or for Fedora/RHEL/CentOS:

    # service httpd restart

Next, restart memcached:

    # service memcached restart

If you try to access the dashboard through HTTP, the browser redirects you to the HTTPS page.
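The following check is an added example, not part of the original guide or of OpenStack's own tooling. It audits the text of local_settings.py and of the Apache configuration for the directives set above, so a commented-out or reverted setting is caught before the restart. The function names and the sample inputs are constructed for illustration.

```python
import ast
import re

# Directives this page sets in local_settings.py; each must be literally True.
REQUIRED_SETTINGS = ("USE_SSL", "CSRF_COOKIE_SECURE", "SESSION_COOKIE_SECURE", "SESSION_COOKIE_HTTPONLY")

def audit_local_settings(source):
    """Return the required directives that are missing or not set to True."""
    values = {}
    for node in ast.parse(source).body:  # parsed only, never executed
        if isinstance(node, ast.Assign) and isinstance(node.value, ast.Constant):
            for target in node.targets:
                if isinstance(target, ast.Name):
                    values[target.id] = node.value.value  # last assignment wins
    return [name for name in REQUIRED_SETTINGS if values.get(name) is not True]

def audit_apache_conf(conf):
    """Return findings for the :443 virtual host of an Apache config string."""
    # Drop comment lines so a commented-out directive does not count as set.
    active = "\n".join(line for line in conf.splitlines() if not line.lstrip().startswith("#"))
    match = re.search(r"<VirtualHost\s+[^>]*:443>(.*?)</VirtualHost>", active, re.S | re.I)
    if not match:
        return ["no <VirtualHost *:443> block"]
    vhost, findings = match.group(1), []
    if not re.search(r"^\s*SSLEngine\s+on\s*$", vhost, re.I | re.M):
        findings.append("SSLEngine is not on")
    for directive in ("SSLCertificateFile", "SSLCertificateKeyFile"):
        if not re.search(rf"^\s*{directive}\s+\S+", vhost, re.I | re.M):
            findings.append(f"{directive} is missing")
    hsts = re.search(r'Strict-Transport-Security\s+"max-age=(\d+)', vhost, re.I)
    if not hsts or int(hsts.group(1)) == 0:
        findings.append("HSTS header missing or max-age=0")
    return findings

# Constructed sample inputs (not taken from a real deployment).
SAMPLE_SETTINGS = "USE_SSL = True\nCSRF_COOKIE_SECURE = True\nSESSION_COOKIE_SECURE = False\n"
SAMPLE_CONF = """<VirtualHost *:443>
ServerName openstack.example.com
SSLEngine On
SSLCertificateFile /etc/apache2/SSL/openstack.example.com.crt
# SSLCertificateKeyFile /etc/apache2/SSL/openstack.example.com.key
Header add Strict-Transport-Security "max-age=15768000"
</VirtualHost>
"""

if __name__ == "__main__":
    print(audit_local_settings(SAMPLE_SETTINGS))
    print(audit_apache_conf(SAMPLE_CONF))
```

An empty list from both functions means every directive from this page is present and active in the text that was checked.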