Add support for oslo_middleware http_proxy_to_wsgi

This sets up the HTTPProxyToWSGI middleware in front of Octavia API. The
purpose of this middleware is to set up the request URL correctly in
the case there is a proxy (For instance, a loadbalancer such as HAProxy)
in front of Octavia API.

So, when TLS connections are terminated at the proxy, and one tries to
get the versions from the '/' resource from Octavia API, one will notice
that the protocol is incorrect; It will show 'http' instead of 'https'.
So this middleware handles such cases.

The HTTPProxyToWSGI is off by default and needs to be enabled via a
configuration value.

It can be enabled with the option in octavia.conf:
[oslo_middleware]
enable_proxy_headers_parsing=True

Story: 2005105
Task: 29732
Change-Id: I276188530a83598ed75560f02ed9d80ce9afca2f
This commit is contained in:
Vlad Gusev 2019-02-27 19:34:02 +03:00 committed by Adam Harwell
parent 4e72fa9c2e
commit ec83c69372
3 changed files with 15 additions and 0 deletions

View File

@ -269,6 +269,10 @@
# Topic (i.e. Queue) Name
# topic = octavia_prov
[oslo_middleware]
# HTTPProxyToWSGI middleware enabled
# enable_proxy_headers_parsing = False
[house_keeping]
# Interval in seconds to initiate spare amphora checks
# spare_check_interval = 30

View File

@ -16,6 +16,7 @@ import keystonemiddleware.audit as audit_middleware
from oslo_config import cfg
from oslo_log import log as logging
from oslo_middleware import cors
from oslo_middleware import http_proxy_to_wsgi
from oslo_middleware import request_id
import pecan
@ -83,6 +84,8 @@ def _wrap_app(app):
if cfg.CONF.api_settings.auth_strategy == constants.KEYSTONE:
app = keystone.SkippingAuthProtocol(app, {})
app = http_proxy_to_wsgi.HTTPProxyToWSGI(app)
# This should be the last middleware in the list (which results in
# it being the first in the middleware chain). This is to ensure
# that any errors thrown by other middleware, such as an auth

View File

@ -0,0 +1,8 @@
---
features:
- |
Now supports ``oslo_middleware http_proxy_to_wsgi``, which will set up the
request URL correctly in the case that there is a proxy (for example, a
loadbalancer such as HAProxy) in front of the Octavia API. It is off by
default and can be enabled by setting ``enable_proxy_headers_parsing=True``
in the ``[oslo_middleware]`` section of ``octavia.conf``.