Merge "Add support for oslo_middleware http_proxy_to_wsgi" into stable/stein

etc/octavia.conf

@@ -293,6 +293,10 @@
 #   event_stream_transport_url = rabbit://<user>:<pass>@server01,<user>:<pass>@server02/<vhost>
 # event_stream_transport_url =
 
+[oslo_middleware]
+# HTTPProxyToWSGI middleware enabled
+# enable_proxy_headers_parsing = False
+
 [house_keeping]
 # Interval in seconds to initiate spare amphora checks
 # spare_check_interval = 30

octavia/api/app.py

@@ -16,6 +16,7 @@ import keystonemiddleware.audit as audit_middleware
 from oslo_config import cfg
 from oslo_log import log as logging
 from oslo_middleware import cors
+from oslo_middleware import http_proxy_to_wsgi
 from oslo_middleware import request_id
 import pecan
 
@@ -83,6 +84,8 @@ def _wrap_app(app):
     if cfg.CONF.api_settings.auth_strategy == constants.KEYSTONE:
         app = keystone.SkippingAuthProtocol(app, {})
 
+    app = http_proxy_to_wsgi.HTTPProxyToWSGI(app)
+
     # This should be the last middleware in the list (which results in
     # it being the first in the middleware chain). This is to ensure
     # that any errors thrown by other middleware, such as an auth

releasenotes/notes/support-oslo_middleware-http_proxy_to_wsgi-928c6fc5ec3d421c.yaml

@@ -0,0 +1,8 @@
+---
+features:
+  - |
+    Now supports ``oslo_middleware http_proxy_to_wsgi``, which will set up the
+    request URL correctly in the case that there is a proxy (for example, a
+    loadbalancer such as HAProxy) in front of the Octavia API. It is off by
+    default and can be enabled by setting ``enable_proxy_headers_parsing=True``
+    in the ``[oslo_middleware]`` section of ``octavia.conf``.