diff --git a/api-ref/source/v2/listener.inc b/api-ref/source/v2/listener.inc index 953d033b5f..b32d31e74e 100644 --- a/api-ref/source/v2/listener.inc +++ b/api-ref/source/v2/listener.inc @@ -164,18 +164,24 @@ Supported HTTP Header Insertions header insertions. -+------------------+--------+------------------------------------------------+ -| Key | Value | Description | -+==================+========+================================================+ -| X-Forwarded-For | string | When "``true``" a ``X-Forwarded-For`` header | -| | | is inserted into the request to the backend | -| | | ``member`` that specifies the client IP | -| | | address. | -+------------------+--------+------------------------------------------------+ -| X-Forwarded-Port | string | When "``true``" a ``X-Forwarded-Port`` header | -| | | is inserted into the request to the backend | -| | | ``member`` that specifies the listener port. | -+------------------+--------+------------------------------------------------+ ++-------------------+--------+------------------------------------------------+ +| Key | Value | Description | ++===================+========+================================================+ +| X-Forwarded-For | string | When "``true``" a ``X-Forwarded-For`` header | +| | | is inserted into the request to the backend | +| | | ``member`` that specifies the client IP | +| | | address. | ++-------------------+--------+------------------------------------------------+ +| X-Forwarded-Port | string | When "``true``" a ``X-Forwarded-Port`` header | +| | | is inserted into the request to the backend | +| | | ``member`` that specifies the listener port. | ++-------------------+--------+------------------------------------------------+ +| X-Forwarded-Proto | string | When "``true``" a ``X-Forwarded-Proto`` header | +| | | is inserted into the request to the backend | +| | | ``member``. HTTP for the HTTP listener | +| | | protocol type, HTTPS for the TERMINATED_HTTPS | +| | | listener protocol type. | ++-------------------+--------+------------------------------------------------+ Request Example ---------------- diff --git a/doc/source/contributor/guides/providers.rst b/doc/source/contributor/guides/providers.rst index 2fc1fd5306..5cac658646 100644 --- a/doc/source/contributor/guides/providers.rst +++ b/doc/source/contributor/guides/providers.rst @@ -445,19 +445,25 @@ contains the following: As of the writing of this specification the Supported HTTP Header Insertions are: -+-------------------+------+------------------------------------------------+ -| Key | Type | Description | -+===================+======+================================================+ -| X-Forwarded-For | bool | When True a X-Forwarded-For header is inserted | -| | | into the request to the backend member that | -| | | specifies the client IP address. | -+-------------------+------+------------------------------------------------+ -| X-Forwarded-Port | int | A X-Forwarded-Port header is inserted into the | -| | | request to the backend member that specifies | -| | | the integer provided. Typically this is used to| -| | | indicate the port the client connected to on | -| | | the load balancer. | -+-------------------+------+------------------------------------------------+ ++-------------------+--------+------------------------------------------------+ +| Key | Type | Description | ++===================+========+================================================+ +| X-Forwarded-For | bool | When True a X-Forwarded-For header is inserted | +| | | into the request to the backend member that | +| | | specifies the client IP address. | ++-------------------+--------+------------------------------------------------+ +| X-Forwarded-Port | int | A X-Forwarded-Port header is inserted into the | +| | | request to the backend member that specifies | +| | | the integer provided. Typically this is used to| +| | | indicate the port the client connected to on | +| | | the load balancer. | ++-------------------+--------+------------------------------------------------+ +| X-Forwarded-Proto | bool | A X-Forwarded-Proto header is inserted into | +| | | the end of request to the backend member. | +| | | HTTP for the HTTP listener protocol type, | +| | | HTTPS for the TERMINATED_HTTPS listener | +| | | protocol type. | ++-------------------+--------+------------------------------------------------+ **Creating a Fully Populated Listener** diff --git a/octavia/common/constants.py b/octavia/common/constants.py index fed20fb014..6120f62e2e 100644 --- a/octavia/common/constants.py +++ b/octavia/common/constants.py @@ -412,7 +412,8 @@ AMPHORA_NAMESPACE = 'amphora-haproxy' # List of HTTP headers which are supported for insertion SUPPORTED_HTTP_HEADERS = ['X-Forwarded-For', - 'X-Forwarded-Port'] + 'X-Forwarded-Port', + 'X-Forwarded-Proto'] FLOW_DOC_TITLES = {'AmphoraFlows': 'Amphora Flows', 'LoadBalancerFlows': 'Load Balancer Flows', diff --git a/octavia/common/jinja/haproxy/templates/macros.j2 b/octavia/common/jinja/haproxy/templates/macros.j2 index 33e99a596a..cb11d2c0d7 100644 --- a/octavia/common/jinja/haproxy/templates/macros.j2 +++ b/octavia/common/jinja/haproxy/templates/macros.j2 @@ -257,6 +257,15 @@ backend {{ pool.id }} http-request set-header X-Forwarded-Port %[dst_port] {% endif %} {% endif %} + {% if listener.insert_headers.get('X-Forwarded-Proto', + 'False').lower() == 'true' %} + {% if listener.protocol.lower() == constants.PROTOCOL_HTTP.lower() %} + http-request set-header X-Forwarded-Proto http + {% elif listener.protocol.lower() == + constants.PROTOCOL_TERMINATED_HTTPS.lower() %} + http-request set-header X-Forwarded-Proto https + {% endif %} + {% endif %} {% if listener.connection_limit is defined %} fullconn {{ listener.connection_limit }} {% endif %} diff --git a/releasenotes/notes/add-x-forwarded-proto-19a1d971cf43b795.yaml b/releasenotes/notes/add-x-forwarded-proto-19a1d971cf43b795.yaml new file mode 100644 index 0000000000..63e4128116 --- /dev/null +++ b/releasenotes/notes/add-x-forwarded-proto-19a1d971cf43b795.yaml @@ -0,0 +1,4 @@ +--- +features: + - | + Adding support for the listener X-Forwarded-Proto header insertion.