You can configure the dashboard for a simple HTTP deployment or a secured HTTPS deployment. While the standard installation uses a non-encrypted HTTP channel, you can enable SSL support for the dashboard. Specify the host for your OpenStack Identity Service endpoint in the /etc/openstack-dashboard/local_settings.py file with the OPENSTACK_HOST setting. The following example shows this setting: The service catalog configuration in the Identity Service determines whether a service appears in the dashboard. For the full listing, see Horizon Settings and Configuration. Restart Apache and memcached: # service apache2 restart # service memcached restart The following example uses the domain, "http://openstack.example.com." Use a domain that fits your current setup. In/etc/openstack-dashboard/local_settings.py update the following directives:USE_SSL = True CSRF_COOKIE_SECURE = True SESSION_COOKIE_SECURE = True SESSION_COOKIE_HTTPONLY = True The first option is required to enable HTTPS. The other recommended settings defend against cross-site scripting and require HTTPS. Edit /etc/apache2/ports.conf and add the following line: NameVirtualHost *:443 Edit /etc/apache2/conf.d/openstack-dashboard.conf: Before: WSGIScriptAlias / /usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi WSGIDaemonProcess horizon user=www-data group=www-data processes=3 threads=10 Alias /static /usr/share/openstack-dashboard/openstack_dashboard/static/ <Directory /usr/share/openstack-dashboard/openstack_dashboard/wsgi> Order allow,deny Allow from all </Directory> After: <VirtualHost *:80> ServerName openstack.example.com <IfModule mod_rewrite.c> RewriteEngine On RewriteCond %{HTTPS} off RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} </IfModule> <IfModule !mod_rewrite.c> RedirectPermanent / https://openstack.example.com </IfModule> </VirtualHost> <VirtualHost *:443> ServerName openstack.example.com SSLEngine On # Remember to replace certificates and keys with valid paths in your environment SSLCertificateFile /etc/apache2/SSL/openstack.example.com.crt SSLCACertificateFile /etc/apache2/SSL/openstack.example.com.crt SSLCertificateKeyFile /etc/apache2/SSL/openstack.example.com.key SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown # HTTP Strict Transport Security (HSTS) enforces that all communications # with a server go over SSL. This mitigates the threat from attacks such # as SSL-Strip which replaces links on the wire, stripping away https prefixes # and potentially allowing an attacker to view confidential information on the # wire Header add Strict-Transport-Security "max-age=15768000" WSGIScriptAlias / /usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi WSGIDaemonProcess horizon user=www-data group=www-data processes=3 threads=10 Alias /static /usr/share/openstack-dashboard/openstack_dashboard/static/ <Directory /usr/share/openstack-dashboard/openstack_dashboard/wsgi> Order allow,deny Allow from all </Directory> </VirtualHost> In this configuration, Apache listens on the port 443 and redirects all the hits to the HTTPS protocol for all the non-secured requests. The secured section defines the private key, public key, and certificate to use. Restart Apache and memcached: # service apache2 restart # service memcached restart If you try to access the dashboard through HTTP, the browser redirects you to the HTTPS page. The _detail_vnc.html file defines the size of the VNC window. To change the window size, edit this file. Edit /usr/share/pyshared/horizon/dashboards/nova/instances/templates/instances/_detail_vnc.html. Modify the width and height parameters, as follows: <iframe src="{{ vnc_url }}" width="720" height="430"></iframe>