openstack/kolla-ansible
Code Issues Proposed changes

Add TLS to Kibana Web Interface

Browse Source 
Use HAProxy to terminate a TLS connection on port 5601 for the
Kibana dashboard when TLS is enabled for Kolla. x-forwarded-for
and x-forwarded-proto headers are set to give Kibana the info it
needs to write returned URLs.

Change-Id: I03a2dd3a8e2513d38281b30bf4bae6449fec0316
Closes-bug: #1566117
This commit is contained in:
Dave McCowan 2016-04-12 00:58:56 -04:00
parent 3cd96ea0ee
commit 4c8227ec8b
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
ansible/roles/haproxy/templates/haproxy.cfg.j2
View File

@ -388,7 +388,9 @@ listen kibana
{% if haproxy_enable_external_vip | bool %} {% if haproxy_enable_external_vip | bool %}
listen kibana_external listen kibana_external
bind {{ kolla_external_vip_address }}:{{ kibana_server_port }} bind {{ kolla_external_vip_address }}:{{ kibana_server_port }} {{ tls_bind_info }}
http-request del-header X-Forwarded-Proto
http-request set-header X-Forwarded-Proto https if { ssl_fc }
acl auth_acl http_auth(kibanauser) acl auth_acl http_auth(kibanauser)
http-request auth realm basicauth unless auth_acl http-request auth realm basicauth unless auth_acl
{% for host in groups['kibana'] %} {% for host in groups['kibana'] %}