Configuring https for Dashboard based on nginx on Astra Linux 1.7

  1. Generate a certificate. Executing this command will start an interactive process of creating a certificate, in which you will need to provide the necessary data:

    sudo openssl req -new -x509 -days 365 -nodes -out /etc/ssl/certs/dashboard.crt -keyout /etc/ssl/private/dashboard.key
    
  2. Edit the file /etc/nginx/sites-available/dashboard.conf adding the following lines to it in the server section, comment out the lines with listen 80 and server_name for it:

    listen 443 ssl;
    server_name ssl_;
    
    charset utf-8;
    
    ssl on;
    ssl_certificate /etc/ssl/certs/dashboard.crt;
    ssl_certificate_key /etc/ssl/private/dashboard.key;
    

    Working config example:

    echo "server {
     root /usr/share/openstack-dashboard;
    
     listen 443 ssl;
     server_name ssl_;
    
     charset utf-8;
    
     ssl on;
     ssl_certificate /etc/ssl/certs/dashboard.crt;
     ssl_certificate_key /etc/ssl/private/dashboard.key;
    
     client_body_temp_path      /tmp/nginx_upload;
     client_body_in_file_only   off;
     client_body_buffer_size    1M;
     client_max_body_size       100G;
    
     location / {
         try_files \$uri @uwsgi;
     }
    
     location @uwsgi  {
         uwsgi_pass      127.0.0.1:3080;
         #uwsgi_pass      unix:/run/uwsgi/dashboard.sock;
         include         uwsgi_params;
         uwsgi_buffer_size 32k;
         uwsgi_buffers 8 32k;
        #uwsgi_param     SCRIPT_NAME  /horizon;
        #uwsgi_modifier1 30;
         uwsgi_read_timeout 600;
         uwsgi_send_timeout 600;
        #uwsgi_next_upstream_timeout 600;
         uwsgi_connect_timeout 600;
        #uwsgi_cache_lock_timeout 600;
     }
     location /static  {
         alias /var/lib/openstack-dashboard/static;
    
     }
     #location /horizon/static  {
     #   alias /var/lib/openstack-dashboard/static;
     #}
    }
    
  3. Reboot nginx:

    systemctl reload nginx
    
  4. Additionally, check that the server does not swear at the configuration:

    nginx
    
  5. Now access to the Dashboard is through https://IP.