Hi, SSLMiddleware takes into account a Header[1] to set wsgi.url_scheme which allows a proxy to provide the original protocol to Heat/Neutron/...
Does that solution work in the HA Proxy case where there is one > terminating address for multiple backend servers? Because there is the > concern that this impacts not only the Location header, but the link > documents inside the responses which clients are expected to be able to > link.follow. This is an honest question, I don't know how the > oslo_middleware.ssl acts in these cases. And HA Proxy 1 to N mapping is > very common deployment model. > It ensures the protocol provided in headers will be used to generate correct Location Headers and links. BUT there are some limitations: * It doesn't work when the service itself acts as a proxy (typically nova image-list) * it doesn't work when you rewrite from https://<proxy-host>:<proxy-port>/<base>/... to http://<host>:<port>/... because the <base> information is not provided in the headers (except if you exploit a webob limitation) Cédric/ZZelle@IRC
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
