openstack/octavia
Code Issues Proposed changes

Adding support for the octavia listener X-Forwarded-Proto header insertion.

Browse Source 
Adding support for the octavia listener X-Forwarded-Proto header insertion.
  A X-Forwarded-Proto header is inserted into the end of request to the backend
  member. HTTP for the HTTP listener protocol type, HTTPS for
  the TERMINATED_HTTPS listener protocol type.

  Adding X-Forwarded-Proto to the list of HTTP headers which are supported.

  File: octavia/master/octavia/octavia/common/constants.py:
      SUPPORTED_HTTP_HEADERS = ['X-Forwarded-For',
                                'X-Forwarded-Port',
                                'X-Forwarded-Proto']

  Adding the lines to the macros.j2 realizing the the http/https insertion
  to the backend member according to listener protocol type:

  File:  octavia/common/jinja/haproxy/templates/macros.j2

    {% if listener.insert_headers.get('X-Forwarded-Proto',
                                          'False').lower() == 'true' %}
        {% if listener.protocol.lower() == constants.PROTOCOL_HTTP.lower() %}
    http-request set-header X-Forwarded-Proto http
        {% elif listener.protocol.lower() ==
                               constants.PROTOCOL_TERMINATED_HTTPS.lower() %}
    http-request set-header X-Forwarded-Proto https
        {% endif %}
    {% endif %}

Change-Id: Id017bb277eebae98f0441663e41d07b40b6e3e38
Story: 2002173
Task: 20038
This commit is contained in:
Rafal Pietrzak 2018-06-07 13:54:09 +02:00
parent 96cce3ed74
commit d3f0a50014
5 changed files with 52 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
api-ref/source/v2/listener.inc
View File

@ -164,18 +164,24 @@ Supported HTTP Header Insertions
header insertions.
+------------------+--------+------------------------------------------------+
| Key | Value | Description |
+==================+========+================================================+
| X-Forwarded-For | string | When "``true``" a ``X-Forwarded-For`` header |
| | | is inserted into the request to the backend |
| | | ``member`` that specifies the client IP |
| | | address. |
+------------------+--------+------------------------------------------------+
| X-Forwarded-Port | string | When "``true``" a ``X-Forwarded-Port`` header |
| | | is inserted into the request to the backend |
| | | ``member`` that specifies the listener port. |
+------------------+--------+------------------------------------------------+
+-------------------+--------+------------------------------------------------+
| Key | Value | Description |
+===================+========+================================================+
| X-Forwarded-For | string | When "``true``" a ``X-Forwarded-For`` header |
| | | is inserted into the request to the backend |
| | | ``member`` that specifies the client IP |
| | | address. |
+-------------------+--------+------------------------------------------------+
| X-Forwarded-Port | string | When "``true``" a ``X-Forwarded-Port`` header |
| | | is inserted into the request to the backend |
| | | ``member`` that specifies the listener port. |
+-------------------+--------+------------------------------------------------+
| X-Forwarded-Proto | string | When "``true``" a ``X-Forwarded-Proto`` header |
| | | is inserted into the request to the backend |
| | | ``member``. HTTP for the HTTP listener |
| | | protocol type, HTTPS for the TERMINATED_HTTPS |
| | | listener protocol type. |
+-------------------+--------+------------------------------------------------+
Request Example
----------------

32
doc/source/contributor/guides/providers.rst
View File

@ -445,19 +445,25 @@ contains the following:
As of the writing of this specification the Supported HTTP Header Insertions
are:
+-------------------+------+------------------------------------------------+
| Key | Type | Description |
+===================+======+================================================+
| X-Forwarded-For | bool | When True a X-Forwarded-For header is inserted |
| | | into the request to the backend member that |
| | | specifies the client IP address. |
+-------------------+------+------------------------------------------------+
| X-Forwarded-Port | int | A X-Forwarded-Port header is inserted into the |
| | | request to the backend member that specifies |
| | | the integer provided. Typically this is used to|
| | | indicate the port the client connected to on |
| | | the load balancer. |
+-------------------+------+------------------------------------------------+
+-------------------+--------+------------------------------------------------+
| Key | Type | Description |
+===================+========+================================================+
| X-Forwarded-For | bool | When True a X-Forwarded-For header is inserted |
| | | into the request to the backend member that |
| | | specifies the client IP address. |
+-------------------+--------+------------------------------------------------+
| X-Forwarded-Port | int | A X-Forwarded-Port header is inserted into the |
| | | request to the backend member that specifies |
| | | the integer provided. Typically this is used to|
| | | indicate the port the client connected to on |
| | | the load balancer. |
+-------------------+--------+------------------------------------------------+
| X-Forwarded-Proto | bool | A X-Forwarded-Proto header is inserted into |
| | | the end of request to the backend member. |
| | | HTTP for the HTTP listener protocol type, |
| | | HTTPS for the TERMINATED_HTTPS listener |
| | | protocol type. |
+-------------------+--------+------------------------------------------------+
**Creating a Fully Populated Listener**

3
octavia/common/constants.py
View File

@ -412,7 +412,8 @@ AMPHORA_NAMESPACE = 'amphora-haproxy'
# List of HTTP headers which are supported for insertion
SUPPORTED_HTTP_HEADERS = ['X-Forwarded-For',
'X-Forwarded-Port']
'X-Forwarded-Port',
'X-Forwarded-Proto']
FLOW_DOC_TITLES = {'AmphoraFlows': 'Amphora Flows',
'LoadBalancerFlows': 'Load Balancer Flows',

9
octavia/common/jinja/haproxy/templates/macros.j2
View File

@ -257,6 +257,15 @@ backend {{ pool.id }}
http-request set-header X-Forwarded-Port %[dst_port]
{% endif %}
{% endif %}
{% if listener.insert_headers.get('X-Forwarded-Proto',
'False').lower() == 'true' %}
{% if listener.protocol.lower() == constants.PROTOCOL_HTTP.lower() %}
http-request set-header X-Forwarded-Proto http
{% elif listener.protocol.lower() ==
constants.PROTOCOL_TERMINATED_HTTPS.lower() %}
http-request set-header X-Forwarded-Proto https
{% endif %}
{% endif %}
{% if listener.connection_limit is defined %}
fullconn {{ listener.connection_limit }}
{% endif %}

4
releasenotes/notes/add-x-forwarded-proto-19a1d971cf43b795.yaml Normal file
View File

@ -0,0 +1,4 @@
---
features:
- |
Adding support for the listener X-Forwarded-Proto header insertion.