Reviewed: https://review.openstack.org/384305 Committed: https://git.openstack.org/cgit/openstack/aodh/commit/?id=0f2a80d8efb86faea7ee94d7eb744bb66ad79ba9 Submitter: Jenkins Branch: master
commit 0f2a80d8efb86faea7ee94d7eb744bb66ad79ba9 Author: Juan Antonio Osorio Robles <[email protected]> Date: Mon Oct 10 09:23:11 2016 +0300 Add http_proxy_to_wsgi to api-paste This sets up the HTTPProxyToWSGI middleware in front of Aodh. The purpose of thise middleware is to set up the request URL correctly in case there is a proxy (For instance, a loadbalancer such as HAProxy) in front of Aodh. So, for instance, when TLS connections are being terminated in the proxy, and one tries to get the versions from the / resource of Aodh, one will notice that the protocol is incorrect; It will show 'http' instead of 'https'. So this middleware handles such cases. Thus helping Keystone discovery work correctly. The HTTPProxyToWSGI is off by default and needs to be enabled via a configuration value. Change-Id: If2ada8a94c8e1ceacd4509605b4cd766a78f71d5 Closes-Bug: #1590608 ** Changed in: aodh Status: In Progress => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/1590608 Title: Services should use http_proxy_to_wsgi middleware Status in Aodh: Fix Released Status in Barbican: New Status in Ceilometer: In Progress Status in Cinder: Fix Released Status in Glance: Fix Released Status in Gnocchi: In Progress Status in heat: In Progress Status in OpenStack Identity (keystone): Fix Released Status in neutron: In Progress Status in OpenStack DBaaS (Trove): In Progress Bug description: It's a common problem when putting a service behind a load balancer to need to forward the Protocol and hosts of the original request so that the receiving service can construct URLs to the loadbalancer and not the private worker node. Most services have implemented some form of secure_proxy_ssl_header = HTTP_X_FORWARDED_PROTO handling however exactly how this is done is dependent on the service. oslo.middleware provides the http_proxy_to_wsgi middleware that handles these headers and the newer RFC7239 forwarding header and completely hides the problem from the service. This middleware should be adopted by all services in preference to their own HTTP_X_FORWARDED_PROTO handling. To manage notifications about this bug go to: https://bugs.launchpad.net/aodh/+bug/1590608/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : [email protected] Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
