1. 生成https所需的密钥文件,具体步骤参看这里:点击打开链接
(1). openssl genrsa -des3 -out server.key 1024
(2). openssl req -new -key server.key -out server.csr
(3). cp server.key server.key.org
openssl rsa -in server.key.org -out server.key
(4). openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
2. 下载https需要的模块:
yum install -y mod_ssl
下载完成后,会在/etc/httpd/modules/下多个mod_ssl.so的文件,以及在/etc/httpd/conf.d/多一个ssl.conf的文件
3. 配置ssl.conf
打开ssl.conf,找到<VirtualHost _default_:443>
在最后添加
WSGIDaemonProcess dashboard group=apache processes=3 threads=10 user=apache WSGIProcessGroup dashboard WSGIScriptAlias /dashboard "/usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi"
4.打开conf.d/15-horizon_vhost.conf,注释掉
WSGIDaemonProcess WSGIProcessGroup WSGIScriptAlias这三部分
5. 重启服务试试吧
service httpd restart
注意:
1. http默认监听80端口,https默认监听443端口,在httpd中有两个VirutalHost与之对应,即:在15-horizon-host.conf中定义着VirtualHost *:80,在ssl.conf中定义着VirtualHost *.443
2. 在Openstack的Horizon有以下代码
edirectMatch permanent ^/$ /dashboard WSGIScriptAlias /dashboard "/usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi"
控制着对 “/” 访问的重定向以及对静态文件的定向,最好不要写到VirtualHost里
3. 其实只要不在VirtualHost中定义
WSGIDaemonProcess dashboard group=apache processes=3 threads=10 user=apache WSGIProcessGroup dashboard WSGIScriptAlias /dashboard "/usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi"
即:在全局位置定义以上内容,就可以实现Horizon既支持http也支持https