41f3380691
In order to avoid conflicts with other applications running Apache, like keystone, we avoid using ports.conf for Listen and using VHost files for this purpose. We place same dummy template as keystone does for upgrade purposes. Change-Id: I8a5ef5234b8aee1e7b3517e9543d2af0a84e90ce
83 lines
3.2 KiB
Django/Jinja
83 lines
3.2 KiB
Django/Jinja
# {{ ansible_managed }}
|
|
|
|
{% for horizon_listen_port in horizon_listen_ports.values() %}
|
|
Listen {{ horizon_bind_address }}:{{ horizon_listen_port }}
|
|
{% endfor %}
|
|
|
|
# If horizon is being served via SSL from this web server,
|
|
# then we must redirect HTTP requests to HTTPS.
|
|
{% if (horizon_enable_ssl | bool) and not (horizon_external_ssl | bool) %}
|
|
<VirtualHost {{ horizon_bind_address }}:{{ horizon_listen_ports.http }}>
|
|
ServerName {{ horizon_server_name }}
|
|
RewriteEngine On
|
|
RewriteCond %{HTTPS} !=on
|
|
RewriteRule ^/?(.*) https://%{HTTP_HOST}/$1 [R,L]
|
|
</VirtualHost>
|
|
{% endif %}
|
|
|
|
# If horizon is being served via SSL via a load balancer, we
|
|
# need to listen via HTTP on this web server. If SSL is not
|
|
# enabled, then the same applies.
|
|
<VirtualHost {{ horizon_bind_address }}:{{ ((horizon_enable_ssl | bool) and not (horizon_external_ssl | bool)) | ternary(horizon_listen_ports.https, horizon_listen_ports.http) }}>
|
|
ServerName {{ horizon_server_name }}
|
|
LogLevel {{ horizon_log_level }}
|
|
ErrorLog syslog:daemon
|
|
CustomLog "|/usr/bin/env logger -p daemon.info -t {{ horizon_system_service_name }}" {{ horizon_apache_custom_log_format }}
|
|
Options +FollowSymLinks
|
|
{% if (horizon_enable_ssl | bool) and not (horizon_external_ssl | bool) %}
|
|
SSLEngine on
|
|
SSLCertificateFile {{ horizon_ssl_cert }}
|
|
SSLCertificateKeyFile {{ horizon_ssl_key }}
|
|
{% if horizon_user_ssl_ca_cert is defined -%}
|
|
SSLCACertificateFile {{ horizon_ssl_ca_cert }}
|
|
{% endif -%}
|
|
SSLCompression Off
|
|
SSLProtocol {{ horizon_ssl_protocol }}
|
|
SSLHonorCipherOrder On
|
|
{% if horizon_ssl_cipher_suite_tls12 != "" -%}
|
|
SSLCipherSuite {{ horizon_ssl_cipher_suite_tls12 }}
|
|
{% endif -%}
|
|
{% if horizon_ssl_cipher_suite_tls13 != "" -%}
|
|
SSLCipherSuite TLSv1.3 {{ horizon_ssl_cipher_suite_tls13 }}
|
|
{% endif -%}
|
|
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
|
|
{% endif %}
|
|
{% if (horizon_enable_ssl | bool) and (horizon_external_ssl | bool) %}
|
|
RequestHeader set {{ horizon_secure_proxy_ssl_header }} "https"
|
|
{% elif not (horizon_enable_ssl | bool) and (horizon_external_ssl | bool) %}
|
|
RequestHeader set {{ horizon_secure_proxy_ssl_header }} "http"
|
|
{% endif %}
|
|
|
|
WSGIScriptAlias / {{ horizon_lib_wsgi_file }}
|
|
WSGIDaemonProcess horizon user={{ horizon_system_user_name }} group={{ horizon_system_group_name }} processes={{ horizon_wsgi_processes | default(horizon_wsgi_threads) }} threads={{ horizon_wsgi_threads }} python-path={{ horizon_lib_dir | dirname }}/site-packages
|
|
|
|
WSGIProcessGroup horizon
|
|
WSGIApplicationGroup %{GLOBAL}
|
|
|
|
<Directory {{ horizon_lib_wsgi_file | dirname }}>
|
|
<Files {{ horizon_lib_wsgi_file | basename }} >
|
|
<IfVersion < 2.4>
|
|
Order allow,deny
|
|
Allow from all
|
|
</IfVersion>
|
|
<IfVersion >= 2.4>
|
|
Require all granted
|
|
</IfVersion>
|
|
</Files>
|
|
</Directory>
|
|
|
|
Alias /static {{ horizon_lib_dir }}/static/
|
|
|
|
<Directory {{ horizon_lib_dir }}/static/>
|
|
Options -FollowSymlinks
|
|
<IfVersion < 2.4>
|
|
AllowOverride None
|
|
Order allow,deny
|
|
Allow from all
|
|
</IfVersion>
|
|
<IfVersion >= 2.4>
|
|
Require all granted
|
|
</IfVersion>
|
|
</Directory>
|
|
</VirtualHost>
|