lilatomic

SSL with Microstack

SSL with Microstack #

Setting up HTTPS on Horizon (the dashboard) #

Let's follow the docs here

The config files for microstack are all in the snap directory, so look in /var/snap/microstack/common/etc. We want to change the hostname by replacing the relevant lines:

:/common/etc/local_settings.d/_05_snap_tweaks.py

OPENSTACK_HOST = ""
ALLOWED_HOSTS = ""

SSL Cert #

I tossed my cert and key into :/common/etc/ssl/private . Make sure to give it appropriate permissions

Nginx #

The config for horizon lives in :/common/etc/nginx/snap/sites-enabled/horizon.conf . I replaced the listen directive, gave it a server_name, and added the ssl_certificate and ssl_certificate_key. I found that giving the absolute path to the SSL folder worked. That gives us:

server {
	listen 443 ssl;
	server_name alpacloud.lilatomic.ca;

	ssl_certificate /var/snap/microstack/common/etc/ssl/private/certificate.pem;
	ssl_certificate_key /var/snap/microstack/common/etc/ssl/private/private-key.pem;

	client_max_body_size 16G;

	error_log syslog:server=unix:/dev/log;
	access_log syslog:server=unix:/dev/log;
	location / {
		include /snap/microstack/222/usr/conf/uwsgi_params;
		uwsgi_param SCRIPT_NAME '';
		uwsgi_pass unix:///var/snap/microstack/common/run/horizon.sock;
	}
}