Reviewed: https://review.openstack.org/384314 Committed: https://git.openstack.org/cgit/openstack/heat/commit/?id=6ad6ca33e73686437098c3eec3d35efec0dd03ac Submitter: Jenkins Branch: master
commit 6ad6ca33e73686437098c3eec3d35efec0dd03ac Author: Juan Antonio Osorio Robles <[email protected]> Date: Mon Oct 10 09:46:14 2016 +0300 Add http_proxy_to_wsgi middleware to Heat CFN endpoint This was already used in the API endpoint, but it's also needed in the CFN endpoint. It's purpose is to process the X-Forwarded-Proto header (or Proxy protocol if used) and set the protocol as directed to https if done so. It's only needed if Heat is behind a TLS proxy (such as HAProxy) and is also disabled by default. Change-Id: Ibd81e1cf6bc1e3f63728b485e295478afa7f573c Closes-Bug: #1590608 ** Changed in: heat Status: In Progress => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/1590608 Title: Services should use http_proxy_to_wsgi middleware Status in Aodh: Fix Released Status in Barbican: Confirmed Status in Ceilometer: Fix Released Status in Cinder: Fix Released Status in cloudkitty: In Progress Status in congress: New Status in Glance: Fix Released Status in Gnocchi: Fix Committed Status in heat: Fix Released Status in OpenStack Identity (keystone): Fix Released Status in Magnum: New Status in neutron: In Progress Status in Panko: Fix Released Status in OpenStack Search (Searchlight): In Progress Status in senlin: In Progress Status in OpenStack DBaaS (Trove): In Progress Bug description: It's a common problem when putting a service behind a load balancer to need to forward the Protocol and hosts of the original request so that the receiving service can construct URLs to the loadbalancer and not the private worker node. Most services have implemented some form of secure_proxy_ssl_header = HTTP_X_FORWARDED_PROTO handling however exactly how this is done is dependent on the service. oslo.middleware provides the http_proxy_to_wsgi middleware that handles these headers and the newer RFC7239 forwarding header and completely hides the problem from the service. This middleware should be adopted by all services in preference to their own HTTP_X_FORWARDED_PROTO handling. To manage notifications about this bug go to: https://bugs.launchpad.net/aodh/+bug/1590608/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : [email protected] Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
