Horizon serves as the web portal for OpenStack. The following procedure assumes regular HTTP access to Horizon instead of SSL/TLS.
controller# pkg install horizon
Your configuration uses HTTP.
Provide settings to the /etc/openstack_dashboard/local_settings.py script.
controller# gsed -i -e s@SECURE_PROXY_SSL_HEADER@#SECURE_PROXY_SSL_HEADER@ \ -e s@CSRF_COOKIE_SECURE@#CSRF_COOKIE_SECURE@ \ -e s@SESSION_COOKIE_SECURE@#SESSION_COOKIE_SECURE@ \ /etc/openstack_dashboard/local_settings.py
Copy the HTTP version of the http.conf file for OpenStack.
controller# cp /etc/apache2/2.2/samples-conf.d/openstack-dashboard-http.conf \ /etc/apache24/2.2/conf.d/
Your configuration uses SSL/TLS.
Generate certificates for use by Horizon.
The following commands generate self-signed certificates for use by Horizon and copy the OpenStack dashboard configuration file to the Apache configuration file directory. For more information about creating self-signed certificates, see the Apache SSL/TLS Strong Encryption: FAQ.
controller# export DASHBOARD=/etc/openstack_dashboard
controller# openssl req -new -x509 -nodes \
-out horizon.crt -keyout horizon.key
controller# mv horizon.crt horizon.key ${DASHBOARD}
controller# chmod 0600 ${DASHBOARD}/horizon.*
controller# sed \
-e "/SSLCertificateFile/s:/path.*:${DASHBOARD}/horizon.crt:" \
-e "/SSLCACertificateFile/d" \
-e "/SSLCertificateKeyFile/s:/path.*:${DASHBOARD}/horizon.key:" \
< /etc/apache2/2.2/samples-conf.d/openstack-dashboard-tls.conf \
> /etc/apache2/2.2/conf.d/openstack-dashboard-tls.conf
In the ~/conf.d/openstack-dashboard-tls.conf file, specify the site address and server name of the Horizon package on the following parameters:
RedirectPermanent=controller-IP ServerName=controller-name
controller# svcadm enable apache22