Add support for oslo_middleware http_proxy_to_wsgi
This sets up the HTTPProxyToWSGI middleware in front of Octavia API. The purpose of this middleware is to set up the request URL correctly in the case there is a proxy (For instance, a loadbalancer such as HAProxy) in front of Octavia API. So, when TLS connections are terminated at the proxy, and one tries to get the versions from the '/' resource from Octavia API, one will notice that the protocol is incorrect; It will show 'http' instead of 'https'. So this middleware handles such cases. The HTTPProxyToWSGI is off by default and needs to be enabled via a configuration value. It can be enabled with the option in octavia.conf: [oslo_middleware] enable_proxy_headers_parsing=True Story: 2005105 Task: 29732 Change-Id: I276188530a83598ed75560f02ed9d80ce9afca2f
This commit is contained in:
parent
4e72fa9c2e
commit
ec83c69372
@ -269,6 +269,10 @@
|
||||
# Topic (i.e. Queue) Name
|
||||
# topic = octavia_prov
|
||||
|
||||
[oslo_middleware]
|
||||
# HTTPProxyToWSGI middleware enabled
|
||||
# enable_proxy_headers_parsing = False
|
||||
|
||||
[house_keeping]
|
||||
# Interval in seconds to initiate spare amphora checks
|
||||
# spare_check_interval = 30
|
||||
|
@ -16,6 +16,7 @@ import keystonemiddleware.audit as audit_middleware
|
||||
from oslo_config import cfg
|
||||
from oslo_log import log as logging
|
||||
from oslo_middleware import cors
|
||||
from oslo_middleware import http_proxy_to_wsgi
|
||||
from oslo_middleware import request_id
|
||||
import pecan
|
||||
|
||||
@ -83,6 +84,8 @@ def _wrap_app(app):
|
||||
if cfg.CONF.api_settings.auth_strategy == constants.KEYSTONE:
|
||||
app = keystone.SkippingAuthProtocol(app, {})
|
||||
|
||||
app = http_proxy_to_wsgi.HTTPProxyToWSGI(app)
|
||||
|
||||
# This should be the last middleware in the list (which results in
|
||||
# it being the first in the middleware chain). This is to ensure
|
||||
# that any errors thrown by other middleware, such as an auth
|
||||
|
@ -0,0 +1,8 @@
|
||||
---
|
||||
features:
|
||||
- |
|
||||
Now supports ``oslo_middleware http_proxy_to_wsgi``, which will set up the
|
||||
request URL correctly in the case that there is a proxy (for example, a
|
||||
loadbalancer such as HAProxy) in front of the Octavia API. It is off by
|
||||
default and can be enabled by setting ``enable_proxy_headers_parsing=True``
|
||||
in the ``[oslo_middleware]`` section of ``octavia.conf``.
|
Loading…
Reference in New Issue
Block a user