As an extra note, with enforce-ssl set to True in openstack-dashboard, I manually commented out the lines "Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure" from /etc/apache2/sites-enabled/default-ssl.conf on my 3 openstack-dashboard units and I can create instances and object store containers successfully again.
ubuntu@juju-96d97f-21-lxd-14:~$ cat /etc/apache2/sites-enabled/default-ssl.conf
# Accept connections from non-SNI clients
SSLStrictSNIVHostCheck off
NameVirtualHost *:443
<VirtualHost 10.10.51.97:433>
ServerName 10.10.51.30
[...]
Header set Strict-Transport-Security "max-age=0"
#Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure
Header set X-XSS-Protection "1; mode=block"
Header set X-Content-Type-Options "nosniff"
[...]
</VirtualHost>
As an extra note, with enforce-ssl set to True in openstack- dashboard, I manually commented out the lines "Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure" from /etc/apache2/ sites-enabled/ default- ssl.conf on my 3 openstack-dashboard units and I can create instances and object store containers successfully again.
ubuntu@ juju-96d97f- 21-lxd- 14:~$ cat /etc/apache2/ sites-enabled/ default- ssl.conf stCheck off Transport- Security "max-age=0"
# Accept connections from non-SNI clients
SSLStrictSNIVHo
NameVirtualHost *:443
<VirtualHost 10.10.51.97:433>
ServerName 10.10.51.30
[...]
Header set Strict-
#Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure
Header set X-XSS-Protection "1; mode=block" Type-Options "nosniff"
Header set X-Content-
[...]
</VirtualHost>
<VirtualHost 10.10.51.97:433> Transport- Security "max-age=0"
ServerName <fqdn hostname - redacted out>
[...]
Header set Strict-
#Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure
Header set X-XSS-Protection "1; mode=block" Type-Options "nosniff"
Header set X-Content-
[...]
</VirtualHost>