Merge "Define X-Forwarded-Proto for keystone"

This commit is contained in:
Zuul 2022-02-15 18:58:13 +00:00 committed by Gerrit Code Review
commit ba9d685380
2 changed files with 8 additions and 2 deletions

View File

@ -255,10 +255,10 @@ keystone_ssl_self_signed_subject: "/C=US/ST=Texas/L=San Antonio/O=IT/CN={{ inter
#keystone_user_ssl_ca_cert: <path to cert on ansible deployment host> #keystone_user_ssl_ca_cert: <path to cert on ansible deployment host>
# Set to true when terminating SSL/TLS at a load balancer # Set to true when terminating SSL/TLS at a load balancer
keystone_external_ssl: false keystone_external_ssl: "{{ (haproxy_ssl | default(True)) | bool }}"
# External SSL forwarding proto # External SSL forwarding proto
keystone_secure_proxy_ssl_header: HTTP_X_FORWARDED_PROTO keystone_secure_proxy_ssl_header: X-Forwarded-Proto
## Override memcached_servers ## Override memcached_servers
keystone_memcached_servers: "{{ memcached_servers }}" keystone_memcached_servers: "{{ memcached_servers }}"

View File

@ -20,6 +20,12 @@ Listen {{ keystone_web_server_bind_address }}:{{ keystone_service_port }}
{% endif -%} {% endif -%}
Header set X-Frame-Options "{{ keystone_x_frame_options | default ('DENY') }}" Header set X-Frame-Options "{{ keystone_x_frame_options | default ('DENY') }}"
{% if (keystone_ssl | bool) and (keystone_external_ssl | bool) %}
RequestHeader set {{ keystone_secure_proxy_ssl_header }} "https"
{% elif not (keystone_ssl | bool) and (keystone_external_ssl | bool) %}
RequestHeader set {{ keystone_secure_proxy_ssl_header }} "http"
{% endif %}
{% if keystone_ssl | bool and keystone_service_internaluri_proto == "https" -%} {% if keystone_ssl | bool and keystone_service_internaluri_proto == "https" -%}
SSLEngine on SSLEngine on
SSLCertificateFile {{ keystone_ssl_cert }} SSLCertificateFile {{ keystone_ssl_cert }}