[Yahoo-eng-team] [Bug 1590608] Re: Services should use http_proxy_to_wsgi middleware

Mon, 25 Mar 2019 22:45:56 -0700 

Reviewed:  https://review.openstack.org/641649
Committed: 
https://git.openstack.org/cgit/openstack/mistral/commit/?id=ca1acb656cbd1ec30e327fa67cd9f6e75345b14f
Submitter: Zuul
Branch:    master

commit ca1acb656cbd1ec30e327fa67cd9f6e75345b14f
Author: Vlad Gusev <vlad.es...@gmail.com>
Date:   Thu Mar 7 15:38:57 2019 +0300

    Add http_proxy_to_wsgi middleware
    
    This sets up the HTTPProxyToWSGI middleware in front of Mistral API. The
    purpose of this middleware is to set up the request URL correctly in
    the case there is a proxy (for instance, a loadbalancer such as HAProxy)
    in front of the Mistral API.
    
    The HTTPProxyToWSGI is off by default and needs to be enabled via a
    configuration value.
    
    It can be enabled with the option in mistral.conf:
    [oslo_middleware]
    enable_proxy_headers_parsing=True
    
    Closes-Bug: #1590608
    Closes-Bug: #1816364
    Change-Id: I04ba85488b27cb05c3b81ad8c973c3cc3fe56d36


** Changed in: mistral
       Status: New => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1590608

Title:
  Services should use http_proxy_to_wsgi middleware

Status in Aodh:
  Fix Released
Status in Barbican:
  Fix Released
Status in Ceilometer:
  Fix Released
Status in OpenStack Barbican Charm:
  Fix Released
Status in OpenStack heat charm:
  Triaged
Status in Cinder:
  Fix Released
Status in cloudkitty:
  Fix Released
Status in congress:
  Triaged
Status in OpenStack Backup/Restore and DR (Freezer):
  Fix Released
Status in Glance:
  Fix Released
Status in Gnocchi:
  Fix Released
Status in OpenStack Heat:
  Fix Released
Status in OpenStack Identity (keystone):
  Fix Released
Status in Magnum:
  Fix Released
Status in Mistral:
  Fix Released
Status in neutron:
  Fix Released
Status in Panko:
  Fix Released
Status in Sahara:
  Fix Released
Status in OpenStack Searchlight:
  Fix Released
Status in senlin:
  Fix Released
Status in OpenStack DBaaS (Trove):
  Fix Released

Bug description:
  It's a common problem when putting a service behind a load balancer to
  need to forward the Protocol and hosts of the original request so that
  the receiving service can construct URLs to the loadbalancer and not
  the private worker node.

  Most services have implemented some form of secure_proxy_ssl_header =
  HTTP_X_FORWARDED_PROTO handling however exactly how this is done is
  dependent on the service.

  oslo.middleware provides the http_proxy_to_wsgi middleware that
  handles these headers and the newer RFC7239 forwarding header and
  completely hides the problem from the service.

  This middleware should be adopted by all services in preference to
  their own HTTP_X_FORWARDED_PROTO handling.

To manage notifications about this bug go to:
https://bugs.launchpad.net/aodh/+bug/1590608/+subscriptions

-- 
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to     : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help   : https://help.launchpad.net/ListHelp

Reply via email to