Add http_proxy_to_wsgi to api-paste
This sets up the HTTPProxyToWSGI middleware in front of Neutron-API. The purpose of this middleware is to set up the request URL correctly in case there is a proxy (For instance, a loadbalancer such as HAProxy) in front of Neutron. So, for instance, when TLS connections are being terminated in the proxy, and one tries to get the versions from the / resource of Neutron, one will notice that the protocol is incorrect; It will show 'http' instead of 'https'. So this middleware handles such cases. Thus helping Keystone discovery work correctly. The HTTPProxyToWSGI is off by default and needs to be enabled via a configuration value. Change-Id: Ice9ee8f4e04050271d59858f92034c230325718b Closes-Bug: #1590608
This commit is contained in:
parent
fcd47cca6e
commit
19c354aacd
etc
releasenotes/notes
@ -5,13 +5,13 @@ use = egg:Paste#urlmap
|
||||
|
||||
[composite:neutronapi_v2_0]
|
||||
use = call:neutron.auth:pipeline_factory
|
||||
noauth = cors request_id catch_errors extensions neutronapiapp_v2_0
|
||||
keystone = cors request_id catch_errors authtoken keystonecontext extensions neutronapiapp_v2_0
|
||||
noauth = cors http_proxy_to_wsgi request_id catch_errors extensions neutronapiapp_v2_0
|
||||
keystone = cors http_proxy_to_wsgi request_id catch_errors authtoken keystonecontext extensions neutronapiapp_v2_0
|
||||
|
||||
[composite:neutronversions_composite]
|
||||
use = call:neutron.auth:pipeline_factory
|
||||
noauth = cors neutronversions
|
||||
keystone = cors neutronversions
|
||||
noauth = cors http_proxy_to_wsgi neutronversions
|
||||
keystone = cors http_proxy_to_wsgi neutronversions
|
||||
|
||||
[filter:request_id]
|
||||
paste.filter_factory = oslo_middleware:RequestId.factory
|
||||
@ -23,6 +23,9 @@ paste.filter_factory = oslo_middleware:CatchErrors.factory
|
||||
paste.filter_factory = oslo_middleware.cors:filter_factory
|
||||
oslo_config_project = neutron
|
||||
|
||||
[filter:http_proxy_to_wsgi]
|
||||
paste.filter_factory = oslo_middleware.http_proxy_to_wsgi:HTTPProxyToWSGI.factory
|
||||
|
||||
[filter:keystonecontext]
|
||||
paste.filter_factory = neutron.auth:NeutronKeystoneContext.factory
|
||||
|
||||
|
@ -14,6 +14,7 @@ namespace = oslo.policy
|
||||
namespace = oslo.concurrency
|
||||
namespace = oslo.messaging
|
||||
namespace = oslo.middleware.cors
|
||||
namespace = oslo.middleware.http_proxy_to_wsgi
|
||||
namespace = oslo.service.sslutils
|
||||
namespace = oslo.service.wsgi
|
||||
namespace = keystonemiddleware.auth_token
|
||||
|
@ -0,0 +1,11 @@
|
||||
---
|
||||
features:
|
||||
- Middleware was added to parse the X-Forwarded-Proto HTTP header or the
|
||||
Proxy protocol in order to help neutron respond with the correct URL refs
|
||||
when it's put behind a TLS proxy (such as HAProxy). This adds
|
||||
http_proxy_to_wsgi middleware to the pipeline. This middleware is disabled
|
||||
by default, but can be enabled via a configuration option in the
|
||||
oslo_middleware group.
|
||||
upgrade:
|
||||
- The api-paste.ini configuration file for the paste pipeline was updated to
|
||||
add the http_proxy_to_wsgi middleware.
|
Loading…
x
Reference in New Issue
Block a user