SSL for both RedHat and Ubuntu
Change-Id: I486b74740b873d0470c9d6abc0eb66e5c1464708
diff --git a/horizon/files/openstack-dashboard.conf.Debian b/horizon/files/openstack-dashboard.conf.Debian
index e65c9ac..40942a2 100644
--- a/horizon/files/openstack-dashboard.conf.Debian
+++ b/horizon/files/openstack-dashboard.conf.Debian
@@ -22,3 +22,35 @@
Require all granted
</Directory>
+
+{% if server.get('ssl', {}).get('enabled', False) %}
+
+<VirtualHost {{ server.bind.address }}:443>
+ ServerName {{ server.host.name }}
+
+ SSLEngine On
+ SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2
+ SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!EXP:!LOW:!MEDIUM
+ SSLCertificateFile {{ server.certs_dir }}/{{ server.host.name }}.crt
+ SSLCertificateKeyFile {{ server.private_dir }}/{{ server.host.name }}.key
+ SSLCertificateChainFile {{ server.certs_dir }}/{{ server.ssl.authority }}-chain.crt
+ SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown/
+
+ WSGIScriptAlias / /usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi
+ Alias /static /usr/share/openstack-dashboard/static
+
+ <Directory /usr/share/openstack-dashboard/openstack_dashboard/wsgi>
+ <IfModule mod_deflate.c>
+ SetOutputFilter DEFLATE
+ <IfModule mod_headers.c>
+ # Make sure proxies don’t deliver the wrong content
+ Header append Vary User-Agent env=!dont-vary
+ </IfModule>
+ </IfModule>
+
+ Order allow,deny
+ Allow from all
+ </Directory>
+</VirtualHost>
+
+{% endif %}
\ No newline at end of file
diff --git a/horizon/files/openstack-dashboard.conf.RedHat b/horizon/files/openstack-dashboard.conf.RedHat
index 1742bde..00852fc 100644
--- a/horizon/files/openstack-dashboard.conf.RedHat
+++ b/horizon/files/openstack-dashboard.conf.RedHat
@@ -1,7 +1,5 @@
{% from "horizon/map.jinja" import server with context %}
-{% if not server.get('ssl', {}).get('enabled', False) %}
-
WSGIDaemonProcess dashboard
WSGIProcessGroup dashboard
WSGISocketPrefix run/wsgi
@@ -35,44 +33,9 @@
Allow from all
</Directory>
-{% else %}
+{% if server.get('ssl', {}).get('enabled', False) %}
-#RedirectPermanent / https://{{ server.host.name }}
-
-WSGIDaemonProcess dashboard
-WSGIProcessGroup dashboard
-WSGISocketPrefix run/wsgi
-
-WSGIScriptAlias / /usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi
-Alias /static /usr/share/openstack-dashboard/static
-
-<Directory /usr/share/openstack-dashboard/openstack_dashboard/wsgi>
- <IfModule mod_deflate.c>
- SetOutputFilter DEFLATE
- <IfModule mod_headers.c>
- # Make sure proxies don’t deliver the wrong content
- Header append Vary User-Agent env=!dont-vary
- </IfModule>
- </IfModule>
-
- Order allow,deny
- Allow from all
-</Directory>
-
-<Directory /usr/share/openstack-dashboard/static>
- <IfModule mod_expires.c>
- ExpiresActive On
- ExpiresDefault "access 6 month"
- </IfModule>
- <IfModule mod_deflate.c>
- SetOutputFilter DEFLATE
- </IfModule>
-
- Order allow,deny
- Allow from all
-</Directory>
-
-<VirtualHost {{ pillar.horizon.server.bind.address }}:443>
+<VirtualHost {{ server.bind.address }}:443>
ServerName {{ server.host.name }}
SSLEngine On
@@ -83,10 +46,6 @@
SSLCertificateChainFile {{ server.certs_dir }}/{{ server.ssl.authority }}-chain.crt
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown/
-# WSGIDaemonProcess dashboard
-# WSGIProcessGroup dashboard
-# WSGISocketPrefix run/wsgi
-
WSGIScriptAlias / /usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi
Alias /static /usr/share/openstack-dashboard/static