Configuring https for Dashboard based on nginx on Astra Linux 1.7¶
Generate a certificate. Executing this command will start an interactive process of creating a certificate, in which you will need to provide the necessary data:
sudo openssl req -new -x509 -days 365 -nodes -out /etc/ssl/certs/dashboard.crt -keyout /etc/ssl/private/dashboard.key
Edit the file
/etc/nginx/sites-available/dashboard.conf
adding the following lines to it in the server section, comment out the lines with listen 80 and server_name for it:listen 443 ssl; server_name ssl_; charset utf-8; ssl on; ssl_certificate /etc/ssl/certs/dashboard.crt; ssl_certificate_key /etc/ssl/private/dashboard.key;
Working config example:
echo "server { root /usr/share/openstack-dashboard; listen 443 ssl; server_name ssl_; charset utf-8; ssl on; ssl_certificate /etc/ssl/certs/dashboard.crt; ssl_certificate_key /etc/ssl/private/dashboard.key; client_body_temp_path /tmp/nginx_upload; client_body_in_file_only off; client_body_buffer_size 1M; client_max_body_size 100G; location / { try_files \$uri @uwsgi; } location @uwsgi { uwsgi_pass 127.0.0.1:3080; #uwsgi_pass unix:/run/uwsgi/dashboard.sock; include uwsgi_params; uwsgi_buffer_size 32k; uwsgi_buffers 8 32k; #uwsgi_param SCRIPT_NAME /horizon; #uwsgi_modifier1 30; uwsgi_read_timeout 600; uwsgi_send_timeout 600; #uwsgi_next_upstream_timeout 600; uwsgi_connect_timeout 600; #uwsgi_cache_lock_timeout 600; } location /static { alias /var/lib/openstack-dashboard/static; } #location /horizon/static { # alias /var/lib/openstack-dashboard/static; #} }
Reboot nginx:
systemctl reload nginx
Additionally, check that the server does not swear at the configuration:
nginx
Now access to the Dashboard is through
https://IP
.