openstack/openstack-ansible-os_horizon
Code Issues Proposed changes
39c6022bf6
openstack-ansible-os_horizon/templates/openstack_dashboard.conf.j2
Andre 1ec9350823 Update permissions for apache >= 2.4 
When running in apache 2.4(Debian 10), the following error was observed
when acessing the openstack dasboard:
AH01626: authorization result of Require all denied: denied.

This change allow to use the correct wsgi file and apply the correct
permissions based on Apache version

Change-Id: I57cdc73b3c3e466e77f6ed2d21671acb8157df84
2020-05-08 14:58:43 +01:00

74 lines
2.8 KiB
Django/Jinja
Raw Blame History

# {{ ansible_managed }}
# If horizon is being served via SSL from this web server,
# then we must redirect HTTP requests to HTTPS.
{% if (horizon_enable_ssl | bool) and not (horizon_external_ssl | bool) %}
<VirtualHost {{ horizon_bind_address }}:{{ horizon_listen_ports.http }}>
ServerName {{ horizon_server_name }}
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{HTTP_HOST}/$1 [R,L]
</VirtualHost>
{% endif %}
# If horizon is being served via SSL via a load balancer, we
# need to listen via HTTP on this web server. If SSL is not
# enabled, then the same applies.
<VirtualHost {{ horizon_bind_address }}:{{ ((horizon_enable_ssl | bool) and not (horizon_external_ssl | bool)) | ternary(horizon_listen_ports.https, horizon_listen_ports.http) }}>
ServerName {{ horizon_server_name }}
LogLevel {{ horizon_log_level }}
ErrorLog syslog:daemon
CustomLog "|/usr/bin/env logger -p daemon.info -t {{ horizon_system_service_name }}" {{ horizon_apache_custom_log_format }}
Options +FollowSymLinks
{% if (horizon_enable_ssl | bool) and not (horizon_external_ssl | bool) %}
SSLEngine on
SSLCertificateFile {{ horizon_ssl_cert }}
SSLCertificateKeyFile {{ horizon_ssl_key }}
{% if horizon_user_ssl_ca_cert is defined -%}
SSLCACertificateFile {{ horizon_ssl_ca_cert }}
{% endif -%}
SSLCompression Off
SSLProtocol {{ horizon_ssl_protocol }}
SSLHonorCipherOrder On
SSLCipherSuite {{ horizon_ssl_cipher_suite }}
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
{% endif %}
{% if (horizon_enable_ssl | bool) and (horizon_external_ssl | bool) %}
RequestHeader set {{ horizon_secure_proxy_ssl_header }} "https"
{% elif not (horizon_enable_ssl | bool) and (horizon_external_ssl | bool) %}
RequestHeader set {{ horizon_secure_proxy_ssl_header }} "http"
{% endif %}
WSGIScriptAlias / {{ horizon_lib_wsgi_file }}
WSGIDaemonProcess horizon user={{ horizon_system_user_name }} group={{ horizon_system_group_name }} processes={{ horizon_wsgi_processes | default(horizon_wsgi_threads) }} threads={{ horizon_wsgi_threads }} python-path={{ horizon_lib_dir | dirname }}/site-packages
WSGIProcessGroup horizon
WSGIApplicationGroup %{GLOBAL}
<Directory {{ horizon_lib_wsgi_file | dirname }}>
<Files {{ horizon_lib_wsgi_file | basename }} >
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
</Files>
</Directory>
Alias /static {{ horizon_lib_dir }}/static/
<Directory {{ horizon_lib_dir }}/static/>
Options -FollowSymlinks
<IfVersion < 2.4>
AllowOverride None
Order allow,deny
Allow from all
</IfVersion>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
</Directory>
</VirtualHost>
View Git Blame Copy Permalink