Add support for oslo_middleware http_proxy_to_wsgi

This sets up the HTTPProxyToWSGI middleware in front of Octavia API. The
purpose of this middleware is to set up the request URL correctly in
the case there is a proxy (for instance, a loadbalancer such as HAProxy)
in front of Octavia API.

So, when TLS connections are terminated at the proxy, and one tries to
get the versions from the '/' resource from Octavia API, one will notice
that the protocol is incorrect; it will show 'http' instead of 'https'.
So this middleware handles such cases.

The HTTPProxyToWSGI is off by default and needs to be enabled via a
configuration value.

It can be enabled with the option in octavia.conf:

    [oslo_middleware]
    enable_proxy_headers_parsing=True

Conflicts:
    etc/octavia.conf

NOTE(s10): conflict is due to I3082962841d3b645f3cbd1a6b41fc7fb28dcf7e6
not being in stable branches

Story: 2005105
Task: 29732
Change-Id: I276188530a83598ed75560f02ed9d80ce9afca2f
(cherry picked from commit ec83c69372)
parent 15358a71e4
commit 6f8932e955
|
@ -293,6 +293,10 @@
|
|||
# event_stream_transport_url = rabbit://<user>:<pass>@server01,<user>:<pass>@server02/<vhost>
|
||||
# event_stream_transport_url =
|
||||
|
||||
[oslo_middleware]
|
||||
# HTTPProxyToWSGI middleware enabled
|
||||
# enable_proxy_headers_parsing = False
|
||||
|
||||
[house_keeping]
|
||||
# Interval in seconds to initiate spare amphora checks
|
||||
# spare_check_interval = 30
|
||||
|
|
|
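Review bot: The sample comment `# HTTPProxyToWSGI middleware enabled` sitting directly above `# enable_proxy_headers_parsing = False` reads as a statement of state rather than a description of the option. Suggest wording it as what the option controls, for example that it turns on parsing of proxy headers by the HTTPProxyToWSGI middleware and is meant for deployments where the API sits behind a proxy.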
@ -16,6 +16,7 @@ import keystonemiddleware.audit as audit_middleware
|
|||
from oslo_config import cfg
|
||||
from oslo_log import log as logging
|
||||
from oslo_middleware import cors
|
||||
from oslo_middleware import http_proxy_to_wsgi
|
||||
from oslo_middleware import request_id
|
||||
import pecan
|
||||
|
||||
|
@ -83,6 +84,8 @@ def _wrap_app(app):
|
|||
if cfg.CONF.api_settings.auth_strategy == constants.KEYSTONE:
|
||||
app = keystone.SkippingAuthProtocol(app, {})
|
||||
|
||||
app = http_proxy_to_wsgi.HTTPProxyToWSGI(app)
|
||||
|
||||
# This should be the last middleware in the list (which results in
|
||||
# it being the first in the middleware chain). This is to ensure
|
||||
# that any errors thrown by other middleware, such as an auth
|
||||
|
|
|
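Review bot: `app = http_proxy_to_wsgi.HTTPProxyToWSGI(app)` is added in `_wrap_app` with no comment on why it sits at this position, while the middleware after it carries an explicit ordering comment. Because later wrappers run earlier in the chain, this one runs ahead of the `keystone.SkippingAuthProtocol` wrapper shown above it, so proxy headers are applied before authentication; a one-line comment stating that this is intended (the '/' versions resource is the motivating case) would help. The patch as shown also carries no test: a functional test that requests '/' with `enable_proxy_headers_parsing` on and off and checks the scheme in the returned links would pin both the behaviour and the off-by-default guarantee.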
@ -0,0 +1,8 @@
|
|||
---
|
||||
features:
|
||||
- |
|
||||
Now supports ``oslo_middleware http_proxy_to_wsgi``, which will set up the
|
||||
request URL correctly in the case that there is a proxy (for example, a
|
||||
loadbalancer such as HAProxy) in front of the Octavia API. It is off by
|
||||
default and can be enabled by setting ``enable_proxy_headers_parsing=True``
|
||||
in the ``[oslo_middleware]`` section of ``octavia.conf``.
|
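Review bot: The release note tells deployers how to set ``enable_proxy_headers_parsing=True`` but not what has to be true of the proxy. Once enabled, the request URL is derived from headers that arrive with the request, so the note should say that the proxy in front of the Octavia API must set the forwarded headers itself and overwrite any sent by the client, and that the option should stay off when the API is reachable directly.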