openstack/devstack
Code Issues Proposed changes

Merge "Fix URLs when running with tls-proxy enabled"

Browse Source
This commit is contained in:
Jenkins
2017-09-08 15:27:18 +00:00
committed by Gerrit Code Review
parent 0f75c57ad6 411c34da69
commit 80021b8f9f
5 changed files with 6 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
lib/cinder
View File

@@ -296,8 +296,7 @@ function configure_cinder {
# Set the service port for a proxy to take the original # Set the service port for a proxy to take the original
if [ "$CINDER_USE_MOD_WSGI" == "True" ]; then if [ "$CINDER_USE_MOD_WSGI" == "True" ]; then
iniset $CINDER_CONF DEFAULT osapi_volume_listen_port $CINDER_SERVICE_PORT_INT iniset $CINDER_CONF DEFAULT osapi_volume_listen_port $CINDER_SERVICE_PORT_INT
iniset $CINDER_CONF DEFAULT public_endpoint $CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST iniset $CINDER_CONF oslo_middleware enable_proxy_headers_parsing True
iniset $CINDER_CONF DEFAULT osapi_volume_base_URL $CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST
else else
iniset $CINDER_CONF DEFAULT osapi_volume_listen_port $CINDER_SERVICE_PORT_INT iniset $CINDER_CONF DEFAULT osapi_volume_listen_port $CINDER_SERVICE_PORT_INT
iniset $CINDER_CONF DEFAULT public_endpoint $CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT iniset $CINDER_CONF DEFAULT public_endpoint $CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT

1
lib/neutron
View File

@@ -242,6 +242,7 @@ function configure_neutron_new {
if is_service_enabled tls-proxy; then if is_service_enabled tls-proxy; then
# Set the service port for a proxy to take the original # Set the service port for a proxy to take the original
iniset $NEUTRON_CONF DEFAULT bind_port "$NEUTRON_SERVICE_PORT_INT" iniset $NEUTRON_CONF DEFAULT bind_port "$NEUTRON_SERVICE_PORT_INT"
iniset $NEUTRON_CONF oslo_middleware enable_proxy_headers_parsing True
fi fi
# Metering # Metering

1
lib/neutron-legacy
View File

@@ -718,6 +718,7 @@ function _configure_neutron_common {
if is_service_enabled tls-proxy; then if is_service_enabled tls-proxy; then
# Set the service port for a proxy to take the original # Set the service port for a proxy to take the original
iniset $NEUTRON_CONF DEFAULT bind_port "$Q_PORT_INT" iniset $NEUTRON_CONF DEFAULT bind_port "$Q_PORT_INT"
iniset $NEUTRON_CONF oslo_middleware enable_proxy_headers_parsing True
fi fi
_neutron_setup_rootwrap _neutron_setup_rootwrap

1
lib/nova
View File

@@ -555,6 +555,7 @@ function create_nova_conf {
if is_service_enabled tls-proxy; then if is_service_enabled tls-proxy; then
iniset $NOVA_CONF DEFAULT glance_protocol https iniset $NOVA_CONF DEFAULT glance_protocol https
iniset $NOVA_CONF oslo_middleware enable_proxy_headers_parsing True
fi fi
if is_service_enabled n-sproxy; then if is_service_enabled n-sproxy; then

3
lib/tls
View File

@@ -527,6 +527,7 @@ $listen_string
# for swift functional testing to work with tls enabled. It is 2 bytes # for swift functional testing to work with tls enabled. It is 2 bytes
# larger than the apache default of 8190. # larger than the apache default of 8190.
LimitRequestFieldSize $f_header_size LimitRequestFieldSize $f_header_size
RequestHeader set X-Forwarded-Proto "https"
<Location /> <Location />
ProxyPass http://$b_host:$b_port/ retry=0 nocanon ProxyPass http://$b_host:$b_port/ retry=0 nocanon
@@ -541,7 +542,7 @@ EOF
if is_suse ; then if is_suse ; then
sudo a2enflag SSL sudo a2enflag SSL
fi fi
for mod in ssl proxy proxy_http; do for mod in headers ssl proxy proxy_http; do
enable_apache_mod $mod enable_apache_mod $mod
done done
enable_apache_site $b_service enable_apache_site $b_service