components/openstack/horizon/files/openstack-dashboard-tls.conf
author Drew Fisher <drew.fisher@oracle.com>
Wed, 15 Oct 2014 15:19:07 -0600
changeset 2152 1cea7a430dd7
parent 1765 dabcbc66ca36
child 3998 5bd484384122
permissions -rw-r--r--
19825273 horizon default config should disable SSL 2 & 3
<IfDefine 64bit>
    LoadModule wsgi_module libexec/64/mod_wsgi-2.6.so
</IfDefine>
<IfDefine !64bit>
    LoadModule wsgi_module libexec/mod_wsgi-2.6.so
</IfDefine>

#
# Enable Solaris Cryptographic Framework
#
SSLCryptoDevice pkcs11

<VirtualHost *:80>
    RedirectPermanent /horizon https://openstack.example.com/horizon
</VirtualHost>

Listen 443

<VirtualHost *:443>
    ServerName openstack.example.com

    SSLEngine On

    # Disable the known insecure SSLv2 & SSLv3 protocols
    SSLProtocol all -SSLv2 -SSLv3

    #
    # For an overview on SSL with Apache see:
    #    http://httpd.apache.org/docs/2.2/ssl/ssl_howto.html
    # For examples on how to configure certificates and keys see:
    #    http://www.akadia.com/services/ssh_test_certificate.html
    #
    SSLCertificateFile /path/to/Server_PEM-encoded_X.509_Certificate_file
    SSLCACertificateFile /path/to/Concatenated_PEM-encoded_CA_Certificates
    SSLCertificateKeyFile /path/to/Server_PEM-encoded_Private_Key_file

    WSGIScriptAlias /horizon \
        /usr/lib/python2.6/vendor-packages/openstack_dashboard/wsgi/django.wsgi
    WSGIDaemonProcess horizon user=webservd group=webservd processes=3 \
        threads=10

    Alias /static /var/lib/openstack_dashboard/static/

    <Directory /usr/lib/python2.6/vendor-packages/openstack_dashboard/wsgi>
        Order allow,deny
        Allow from all
    </Directory>

    <Directory /var/lib/openstack_dashboard/static>
        Order allow,deny
        Allow from all
    </Directory>
</VirtualHost>