We need to backport https://review.openstack.org/#/c/268230 and https://review.openstack.org/#/c/268230 in OPM so we can enable SSL in OSP7 for nova & cinder API services.
Also Horizon: https://review.openstack.org/#/c/268288/
Verified: Environment: openstack-puppet-modules-2015.1.8-45.el7ost.noarch So for cinder: In /etc/cinder/api-paste.ini we now have the following: [filter:ssl_header_handler] paste.filter_factory=oslo_middleware.http_proxy_to_wsgi:HTTPProxyToWSGI.factory Horizon: Checking a deployment with SSL: grep rsprep /etc/haproxy/haproxy.cfg rsprep ^Location:\ http://(.*) Location:\ https://\1 Nova was deemed unnecessary for the purposes of enabling public endpoints in the overcloud
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2016-0265.html