1. /etc/openstack-dashboard/local_settings
USE_SSL = True
CSRF_COOKIE_SECURE = TrueSESSION_COOKIE_SECURE = True
SESSION_COOKIE_HTTPONLY = True
OPENSTACK_SSL_NO_VERIFY = True
2. /etc/httpd/conf/httpd.conf
NameVirtualHost *:443
3. /etc/httpd/conf.d/openstack-dashboard.conf
openssl genrsa 1024 > host.key
chmod 400 host.key
openssl req -new -x509 -nodes -sha1 -days 365 -key host.key > host.cert
+++++++++++
<VirtualHost *:80>
ServerName IP
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</IfModule>
<IfModule !mod_rewrite.c>
RedirectPermanent / https://IP/
</IfModule>
</VirtualHost>
<VirtualHost *:443>
ServerName IP
SSLEngine On
# Remember to replace certificates and keys with valid paths in your environment
SSLCertificateFile /etc/httpd/host.cert
SSLCACertificateFile /etc/httpd/host.cert
SSLCertificateKeyFile /etc/httpd/host.key
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
# HTTP Strict Transport Security (HSTS) enforces that all communications
# with a server go over SSL. This mitigates the threat from attacks such
# as SSL-Strip which replaces links on the wire, stripping away https prefixes
# and potentially allowing an attacker to view confidential information on the
# wire
Header add Strict-Transport-Security "max-age=15768000"
WSGIScriptAlias /dashboard /usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi
# WSGIDaemonProcess horizon user=www-data group=www-data processes=3 threads=10
WSGIDaemonProcess dashboard
Alias /static /usr/share/openstack-dashboard/static
<Directory /usr/share/openstack-dashboard/openstack_dashboard/wsgi>
# For Apache http server 2.2 and earlier:
Order allow,deny
Allow from all
# For Apache http server 2.4 and later:
# Require all granted
</Directory>
</VirtualHost>
扫一扫
1309
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
