Fix enforced horizon redirect to https
Also fixes similar issues introduced by the same recent change. Added FIXME note about possible TLS malfunction regarding horizon. Change-Id: I5f46a9306139eb550d3849757c8bdf0767537c78 Closes-Bug: #1844016 Signed-off-by: Radosław Piliszek <radoslaw.piliszek@gmail.com>
This commit is contained in:
parent
d659c4dd15
commit
b4ef4638a6
|
@ -13,7 +13,7 @@ global
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
stats socket /var/lib/kolla/haproxy/haproxy.sock group kolla mode 660
|
stats socket /var/lib/kolla/haproxy/haproxy.sock group kolla mode 660
|
||||||
{% if kolla_enable_tls_external or kolla_enable_tls_internal | bool %}
|
{% if kolla_enable_tls_external | bool or kolla_enable_tls_internal | bool %}
|
||||||
ssl-default-bind-ciphers DEFAULT:!MEDIUM:!3DES
|
ssl-default-bind-ciphers DEFAULT:!MEDIUM:!3DES
|
||||||
ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11
|
ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11
|
||||||
tune.ssl.default-dh-param 4096
|
tune.ssl.default-dh-param 4096
|
||||||
|
|
|
@ -33,7 +33,8 @@ TraceEnable off
|
||||||
</Location>
|
</Location>
|
||||||
</VirtualHost>
|
</VirtualHost>
|
||||||
|
|
||||||
{% if kolla_enable_tls_external or kolla_enable_tls_internal| bool %}
|
{# FIXME(yoctozepto): enabling of either tls will break the other if not enabled too #}
|
||||||
|
{% if kolla_enable_tls_external | bool or kolla_enable_tls_internal | bool %}
|
||||||
Header edit Location ^http://(.*)$ https://$1
|
Header edit Location ^http://(.*)$ https://$1
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
|
|
|
@ -55,7 +55,7 @@ DATABASES = {
|
||||||
#CSRF_COOKIE_SECURE = True
|
#CSRF_COOKIE_SECURE = True
|
||||||
#SESSION_COOKIE_SECURE = True
|
#SESSION_COOKIE_SECURE = True
|
||||||
|
|
||||||
{% if kolla_enable_tls_external or kolla_enable_tls_internal | bool %}
|
{% if kolla_enable_tls_external | bool or kolla_enable_tls_internal | bool %}
|
||||||
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
|
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
|
||||||
CSRF_COOKIE_SECURE = True
|
CSRF_COOKIE_SECURE = True
|
||||||
SESSION_COOKIE_SECURE = True
|
SESSION_COOKIE_SECURE = True
|
||||||
|
|
|
@ -229,7 +229,7 @@ debug = {{ nova_logging_debug }}
|
||||||
|
|
||||||
[wsgi]
|
[wsgi]
|
||||||
api_paste_config = /etc/nova/api-paste.ini
|
api_paste_config = /etc/nova/api-paste.ini
|
||||||
{% if kolla_enable_tls_external or kolla_enable_tls_internal | bool %}
|
{% if kolla_enable_tls_external | bool or kolla_enable_tls_internal | bool %}
|
||||||
secure_proxy_ssl_header = HTTP_X_FORWARDED_PROTO
|
secure_proxy_ssl_header = HTTP_X_FORWARDED_PROTO
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue