diff --git a/horizon/Dockerfile b/horizon/Dockerfile index 3a3d72b..cff54e3 100644 --- a/horizon/Dockerfile +++ b/horizon/Dockerfile @@ -16,20 +16,29 @@ RUN set -x \ python-openstackclient \ && apt-get -y clean -EXPOSE 80 + +EXPOSE 80 443 + +COPY openstack-dashboard.conf /etc/apache2/conf-available/openstack-dashboard.conf COPY local_settings.py /etc/openstack-dashboard/local_settings.py # Add a redirect to /keystone instead of the "It works! page" COPY 000-default.conf /etc/apache2/sites-available +COPY run.sh /etc/run.sh + RUN chown -R www-data: /var/lib/openstack-dashboard/ RUN touch /var/log/horizon.log RUN chown www-data: /var/log/horizon.log -RUN chown horizon: /var/lib/openstack-dashboard/secret_key +RUN a2enmod ssl +RUN a2enmod headers +RUN a2enmod rewrite -CMD apachectl -DFOREGROUND +RUN chown /var/lib/openstack-dashboard/secret_key horizon + +CMD /etc/run.sh diff --git a/horizon/local_settings.py b/horizon/local_settings.py index 47fcad6..2897fdb 100644 --- a/horizon/local_settings.py +++ b/horizon/local_settings.py @@ -37,7 +37,7 @@ EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend' #EMAIL_HOST_PASSWORD = 'top-secret!' OPENSTACK_HOST = os.environ['KEYSTONE_HOST'] -OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST +OPENSTACK_KEYSTONE_URL = "https://%s:5000/v3" % OPENSTACK_HOST OPENSTACK_KEYSTONE_DEFAULT_ROLE = "_member_" @@ -266,7 +266,6 @@ TIME_ZONE = "UTC" # ('default', 'Default', 'themes/default'), # ('material', 'Material', 'themes/material'), #] - LOGGING = { 'version': 1, # When set to True this will disable all logging except @@ -288,11 +287,12 @@ LOGGING = { }, 'console': { # Set the level to "DEBUG" for verbose output logging. - 'level': 'INFO', - 'class': 'logging.StreamHandler', + 'level': 'DEBUG', + 'class': 'logging.FileHandler', + 'filename': '/var/log/horizon.log', }, 'operation': { - 'level': 'INFO', + 'level': 'DEBUG', 'class': 'logging.StreamHandler', 'formatter': 'operation', }, 
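Review bot: The new `RUN chown /var/lib/openstack-dashboard/secret_key horizon` line has its arguments reversed. chown expects the owner first, so this step should fail the build with an invalid-user error instead of changing ownership. openstack-dashboard.conf in this commit runs the WSGI daemon as `user=www-data`, so the account that must read the key is presumably www-data, e.g. `RUN chown www-data: /var/lib/openstack-dashboard/secret_key`. Confirm which account the dashboard runs under before choosing the owner, and keep the key readable by that account only.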
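Review bot: Switching `OPENSTACK_KEYSTONE_URL` to https means Horizon now has to validate Keystone's certificate, and nothing in this hunk says which CA the container trusts. If the Keystone certificate comes from a private CA, point `OPENSTACK_SSL_CACERT` at the CA bundle instead of setting `OPENSTACK_SSL_NO_VERIFY = True`. A comment above the URL would record that, for example `# Keystone is reached over TLS; the issuing CA must be trusted by this container (see OPENSTACK_SSL_CACERT)`. The rest of the settings file is outside the hunk, so this may already be handled there.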
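Review bot: Both the `console` and `operation` handlers are raised to `'level': 'DEBUG'`, and `console` now writes to `/var/log/horizon.log` through a plain `logging.FileHandler`. This looks like a debugging change that should not become the default for a dashboard fronted by TLS and SSO. Debug-level output can include request and authentication detail, the file has no rotation, and run.sh in this commit tails it to the container's stdout, so whatever is logged also reaches the log collector. I would keep INFO as the default and make it overridable with `'level': os.environ.get('HORIZON_LOG_LEVEL', 'INFO'),` (the variable name is a suggestion), and update the handler name or the comment above it since it no longer logs to the console. The LOGGING dict starts and ends outside the hunk.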
@@ -516,3 +516,12 @@ ALLOWED_HOSTS = '*' COMPRESS_OFFLINE = True ALLOWED_PRIVATE_SUBNET_CIDR = {'ipv4': [], 'ipv6': []} + +WEBSSO_ENABLED = True + +WEBSSO_CHOICES = ( + ("credentials", _("Keystone Credentials")), + ("mapped", _("Security Assertion Markup Language")) + ) + +WEBSSO_INITIAL_CHOICE = "mapped" diff --git a/horizon/openstack-dashboard.conf b/horizon/openstack-dashboard.conf new file mode 100644 index 0000000..3b591e0 --- /dev/null +++ b/horizon/openstack-dashboard.conf @@ -0,0 +1,35 @@ + + RedirectMatch "^/$" "/horizon" + ServerName oscloudtest01.hpc.rug.nl + RewriteEngine On + RewriteCond %{HTTPS} off + RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} + + + RedirectMatch "^/$" "/horizon" + ServerName oscloudtest01.hpc.rug.nl + + SSLEngine On + SSLCertificateFile "/certs/oscloudtest01.hpc.rug.nl.crt" + SSLCertificateKeyFile "/certs/oscloudtest01.hpc.rug.nl.key" + SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown + + # HTTP Strict Transport Security (HSTS) enforces that all communications + # with a server go over SSL. This mitigates the threat from attacks such + # as SSL-Strip which replaces links on the wire, stripping away https prefixes + # and potentially allowing an attacker to view confidential information on the + # wire + Header add Strict-Transport-Security "max-age=15768000" + + Alias /horizon/static /var/lib/openstack-dashboard/static/ + Alias /static /var/lib/openstack-dashboard/static/ + + + Require all granted + + + WSGIScriptAlias /horizon /usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi process-group=horizon + WSGIDaemonProcess horizon user=www-data group=www-data processes=3 threads=10 display-name=%{GROUP} + WSGIProcessGroup horizon + + diff --git a/horizon/run.sh b/horizon/run.sh new file mode 100755 index 0000000..dbbe712 --- /dev/null +++ b/horizon/run.sh @@ -0,0 +1,6 @@ +#!/bin/bash + +#Making the console log console again... +tail -f /var/log/horizon.log & + +apachectl -DFOREGROUND
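Review bot: `WEBSSO_ENABLED = True` makes this dashboard a federated login endpoint while the hunk header shows `ALLOWED_HOSTS = '*'` still in force, so Django accepts any Host header on the site that now handles SSO redirects. Consider pinning it to the served name in the same change, e.g. `ALLOWED_HOSTS = [os.environ['HORIZON_HOST']]` (the variable name is a suggestion). The WebSSO block also deserves a comment stating that `"mapped"` has to correspond to a federation protocol Keystone has enabled, and that Keystone's `trusted_dashboard` setting must list this dashboard's websso URL or the login flow is rejected. `_` is assumed to be imported earlier in the file, outside the hunk.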
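Review bot: The port-80 redirect `RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}` builds its target from the client-supplied Host header and carries no flags. Since ServerName is fixed, redirect to it explicitly with `RewriteRule ^ https://oscloudtest01.hpc.rug.nl%{REQUEST_URI} [R=301,L]`. For HSTS, `Header add` uses the default onsuccess condition and can duplicate a header set elsewhere, whereas `Header always set Strict-Transport-Security "max-age=15768000"` also covers error responses. The TLS vhost sets no `SSLProtocol` or `SSLCipherSuite`, so protocol and cipher policy fall back to whatever the base image ships, and the intended minimum should be stated in this file. The enclosing vhost and directory tags are not visible in the page text, so the placement of these lines is inferred.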
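Review bot: `apachectl -DFOREGROUND` is started as a child of the bash script, so bash stays PID 1 and does not pass the SIGTERM from a container stop on to Apache. Ending the script with `exec apachectl -DFOREGROUND` fixes that. `tail -f` also stops following if the log file is rotated or recreated, which `tail -F /var/log/horizon.log &` handles. With the handlers in local_settings.py set to DEBUG in this commit, this tail copies debug output into the container log stream, so the log level chosen there decides what leaves the container.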