Reviewed: https://review.openstack.org/641649 Committed: https://git.openstack.org/cgit/openstack/mistral/commit/?id=ca1acb656cbd1ec30e327fa67cd9f6e75345b14f Submitter: Zuul Branch: master
commit ca1acb656cbd1ec30e327fa67cd9f6e75345b14f Author: Vlad Gusev <vlad.es...@gmail.com> Date: Thu Mar 7 15:38:57 2019 +0300 Add http_proxy_to_wsgi middleware This sets up the HTTPProxyToWSGI middleware in front of Mistral API. The purpose of this middleware is to set up the request URL correctly in the case there is a proxy (for instance, a loadbalancer such as HAProxy) in front of the Mistral API. The HTTPProxyToWSGI is off by default and needs to be enabled via a configuration value. It can be enabled with the option in mistral.conf: [oslo_middleware] enable_proxy_headers_parsing=True Closes-Bug: #1590608 Closes-Bug: #1816364 Change-Id: I04ba85488b27cb05c3b81ad8c973c3cc3fe56d36 ** Changed in: mistral Status: New => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/1590608 Title: Services should use http_proxy_to_wsgi middleware Status in Aodh: Fix Released Status in Barbican: Fix Released Status in Ceilometer: Fix Released Status in OpenStack Barbican Charm: Fix Released Status in OpenStack heat charm: Triaged Status in Cinder: Fix Released Status in cloudkitty: Fix Released Status in congress: Triaged Status in OpenStack Backup/Restore and DR (Freezer): Fix Released Status in Glance: Fix Released Status in Gnocchi: Fix Released Status in OpenStack Heat: Fix Released Status in OpenStack Identity (keystone): Fix Released Status in Magnum: Fix Released Status in Mistral: Fix Released Status in neutron: Fix Released Status in Panko: Fix Released Status in Sahara: Fix Released Status in OpenStack Searchlight: Fix Released Status in senlin: Fix Released Status in OpenStack DBaaS (Trove): Fix Released Bug description: It's a common problem when putting a service behind a load balancer to need to forward the Protocol and hosts of the original request so that the receiving service can construct URLs to the loadbalancer and not the private worker node. Most services have implemented some form of secure_proxy_ssl_header = HTTP_X_FORWARDED_PROTO handling however exactly how this is done is dependent on the service. oslo.middleware provides the http_proxy_to_wsgi middleware that handles these headers and the newer RFC7239 forwarding header and completely hides the problem from the service. This middleware should be adopted by all services in preference to their own HTTP_X_FORWARDED_PROTO handling. To manage notifications about this bug go to: https://bugs.launchpad.net/aodh/+bug/1590608/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp