Add support for oslo_middleware http_proxy_to_wsgi

This sets up the HTTPProxyToWSGI middleware in front of Octavia API. The
purpose of this middleware is to set up the request URL correctly in
the case there is a proxy (for instance, a loadbalancer such as HAProxy)
in front of Octavia API.

So, when TLS connections are terminated at the proxy, and one tries to
get the versions from the '/' resource from Octavia API, one will notice
that the protocol is incorrect; it will show 'http' instead of 'https'.
So this middleware handles such cases.

The HTTPProxyToWSGI is off by default and needs to be enabled via a
configuration value.

It can be enabled with the option in octavia.conf:
[oslo_middleware]
enable_proxy_headers_parsing=True

Story: 2005105
Task: 29732
Change-Id: I276188530a83598ed75560f02ed9d80ce9afca2f
Vlad Gusev 2019-02-27 19:34:02 +03:00 committed by Adam Harwell
parent 4e72fa9c2e
commit ec83c69372
3 changed files with 15 additions and 0 deletions

@ -269,6 +269,10 @@
# Topic (i.e. Queue) Name # Topic (i.e. Queue) Name
# topic = octavia_prov # topic = octavia_prov
[oslo_middleware]
# HTTPProxyToWSGI middleware enabled
# enable_proxy_headers_parsing = False
[house_keeping] [house_keeping]
# Interval in seconds to initiate spare amphora checks # Interval in seconds to initiate spare amphora checks
# spare_check_interval = 30 # spare_check_interval = 30
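
Review bot: The sample comment "# HTTPProxyToWSGI middleware enabled" above "# enable_proxy_headers_parsing = False" reads as if the middleware is already on, while the default shown is False. Suggest a comment that says what the option does, for example "Whether the API is behind a proxy; when True, the request URL is derived from the headers set by the proxy", so an operator reading only the sample file knows what turning it on changes.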

@ -16,6 +16,7 @@ import keystonemiddleware.audit as audit_middleware
from oslo_config import cfg from oslo_config import cfg
from oslo_log import log as logging from oslo_log import log as logging
from oslo_middleware import cors from oslo_middleware import cors
from oslo_middleware import http_proxy_to_wsgi
from oslo_middleware import request_id from oslo_middleware import request_id
import pecan import pecan
@ -83,6 +84,8 @@ def _wrap_app(app):
if cfg.CONF.api_settings.auth_strategy == constants.KEYSTONE: if cfg.CONF.api_settings.auth_strategy == constants.KEYSTONE:
app = keystone.SkippingAuthProtocol(app, {}) app = keystone.SkippingAuthProtocol(app, {})
app = http_proxy_to_wsgi.HTTPProxyToWSGI(app)
# This should be the last middleware in the list (which results in # This should be the last middleware in the list (which results in
# it being the first in the middleware chain). This is to ensure # it being the first in the middleware chain). This is to ensure
# that any errors thrown by other middleware, such as an auth # that any errors thrown by other middleware, such as an auth
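
Review bot: No test accompanies the new "app = http_proxy_to_wsgi.HTTPProxyToWSGI(app)" line in _wrap_app; the commit lists 3 changed files, and the other hunks shown are a config sample and a release note. Suggest a functional test that requests '/' with enable_proxy_headers_parsing set to False and to True and checks the protocol in the returned version links, since that is the behaviour the commit message describes. The wrapper is also applied after keystone.SkippingAuthProtocol, so it sits outside the auth middleware and handles proxy headers before a request is authenticated; a one-line comment saying this ordering is intended would help the next reader.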

@ -0,0 +1,8 @@
---
features:
- |
Now supports ``oslo_middleware http_proxy_to_wsgi``, which will set up the
request URL correctly in the case that there is a proxy (for example, a
loadbalancer such as HAProxy) in front of the Octavia API. It is off by
default and can be enabled by setting ``enable_proxy_headers_parsing=True``
in the ``[oslo_middleware]`` section of ``octavia.conf``.
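
Review bot: The release note explains how to set ``enable_proxy_headers_parsing=True`` but not when it is safe to do so. Because the option makes the API build its request URL from proxy headers, add a sentence stating that it should be enabled only when every request reaches the Octavia API through the proxy and the proxy sets or overwrites those headers itself; otherwise the values can come from the client.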