chef/cookbooks/horizon/templates/suse/openstack-dashboard.conf.erb
<% if @use_ssl %>
<IfDefine SSL>
<IfDefine !NOSSL>
Listen <%= @bind_host %>:<%= @bind_port %>
<% if @bind_host_ipv6 %>
# Redirect non-SSL traffic to SSL for ipv6
<VirtualHost <%= @bind_host %>:<%= @bind_port %>>
RewriteEngine On
# If request was explicit about this port, then we redirect with the
# explicit SSL port. This is needed in the HA case, where we use
# non-standard ports.
RewriteCond %{REQUEST_URI} !^/server-status
# Extract port
RewriteCond %{HTTP_HOST} ^(\[\S+\])(:[0-9]+)?$
RewriteCond %2 ^:<%= @bind_port %>$
# Remove port from HTTP_HOST
RewriteCond %{HTTP_HOST} ^(\[\S+\])(:[0-9]+)?$
RewriteRule / https://%1:<%= @bind_port_ssl %>%{REQUEST_URI} [L,R]
# Otherwise, we simply redirect to https.
RewriteCond %{REQUEST_URI} !^/server-status
# Remove port from HTTP_HOST
RewriteCond %{HTTP_HOST} ^(\[\S+\])(:[0-9]+)?$
RewriteRule / https://%1%{REQUEST_URI} [L,R]
</VirtualHost>
<% else %>
# Redirect non-SSL traffic to SSL for ipv4
<VirtualHost <%= @bind_host %>:<%= @bind_port %>>
RewriteEngine On
# If request was explicit about this port, then we redirect with the
# explicit SSL port. This is needed in the HA case, where we use
# non-standard ports.
RewriteCond %{REQUEST_URI} !^/server-status
# Extract port
RewriteCond %{HTTP_HOST} ^([^:]+)(:[0-9]+)?$
RewriteCond %2 ^:<%= @bind_port %>$
# Remove port from HTTP_HOST
RewriteCond %{HTTP_HOST} ^([^:]+)(:[0-9]+)?$
RewriteRule / https://%1:<%= @bind_port_ssl %>%{REQUEST_URI} [L,R]
# Otherwise, we simply redirect to https.
RewriteCond %{REQUEST_URI} !^/server-status
# Remove port from HTTP_HOST
RewriteCond %{HTTP_HOST} ^([^:]+)(:[0-9]+)?$
RewriteRule / https://%1%{REQUEST_URI} [L,R]
</VirtualHost>
<% end %>
Listen <%= @bind_host %>:<%= @bind_port_ssl %>
<VirtualHost <%= @bind_host %>:<%= @bind_port_ssl %>>
SSLEngine On
SSLCipherSuite DEFAULT_SUSE
SSLProtocol all -SSLv2 -SSLv3
# Prevent plaintext downgrade for 180 days
Header always set Strict-Transport-Security "max-age=15552000"
SSLCertificateFile <%= @ssl_crt_file %>
SSLCertificateKeyFile <%= @ssl_key_file %>
<% unless @ssl_crt_chain_file.nil? or @ssl_crt_chain_file.empty? %>
SSLCACertificateFile <%= @ssl_crt_chain_file %>
<% end %>
<% else %>
Listen <%= @bind_host %>:<%= @bind_port %>
<VirtualHost <%= @bind_host %>:<%= @bind_port %>>
<% end %>
WSGIScriptAlias / <%= @horizon_dir %>/openstack_dashboard/wsgi.py
WSGIDaemonProcess horizon user=<%= @user %> group=<%= @group %> processes=3 threads=10 display-name=%{GROUP}
SetEnv APACHE_RUN_USER <%= @user %>
SetEnv APACHE_RUN_GROUP <%= @group %>
WSGIProcessGroup horizon
DocumentRoot <%= @horizon_dir %>
Alias /media <%= @horizon_dir %>/media
Alias /static <%= @horizon_dir %>/static
<% unless @grafana_url.empty? %>
ProxyPass "/grafana" "<%= @grafana_url %>"
ProxyPassReverse "/grafana" "<%= @grafana_url %>"
<% end %>
Timeout 120
<Location /static>
SetOutputFilter DEFLATE
ExpiresActive on
ExpiresDefault "access plus 1 month"
</Location>
<% unless @grafana_url.empty? %>
<Location /grafana>
Require all granted
</Location>
<% end %>
<Directory />
Options None
AllowOverride None
<%- if node[:apache][:version].to_f < 2.4 %>
Order deny,allow
Deny from all
<%- else %>
Require all denied
<%- end %>
</Directory>
<Directory <%= @horizon_dir %>/>
Options FollowSymLinks MultiViews
AllowOverride None
<%- if node[:apache][:version].to_f < 2.4 %>
Order allow,deny
allow from all
<%- else %>
Require all granted
<%- end %>
</Directory>
ErrorLog /var/log/apache2/openstack-dashboard-error_log
LogLevel warn
<% if @behind_proxy -%>
LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy_combined
CustomLog /var/log/apache2/openstack-dashboard-access_log proxy_combined
<% else -%>
CustomLog /var/log/apache2/openstack-dashboard-access_log combined
<% end -%>
</VirtualHost>
<% if @use_ssl %>
</IfDefine>
</IfDefine>
<% end %>