GitList

Browse code

Fix URLs when running with tls-proxy enabled

Various services are returning broken links when running behind
tls-proxy. These issues can be fixed by setting the X-Forwarded-Proto
header in the apache config and letting oslo_middleware parse it.

Change-Id: Ibe5dbdc4644ec812f0435f59319666fc336c195a
Partial-Bug: 1713731

Jens Harbott authored on 2017/08/29 23:40:26
Showing 5 changed files

lib/cinder index 03328f3..67939f1 100644
lib/neutron index 2a660ec..92c585a 100644
lib/neutron-legacy index 784f3a8..f9e0bd6 100644
lib/nova index fa09fd8..887a70d 100644
lib/tls index 7bde5e6..5bf5d96 100644

lib/cinder

History View file @ 411c34d

@@ -296,8 +296,7 @@ function configure_cinder {
                                  # Set the service port for a proxy to take the original
                                  if [ "$CINDER_USE_MOD_WSGI" == "True" ]; then
                                      iniset $CINDER_CONF DEFAULT osapi_volume_listen_port $CINDER_SERVICE_PORT_INT
                     -                iniset $CINDER_CONF DEFAULT public_endpoint $CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST
                     -                iniset $CINDER_CONF DEFAULT osapi_volume_base_URL $CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST
                     +                iniset $CINDER_CONF oslo_middleware enable_proxy_headers_parsing True
                                  else
                                      iniset $CINDER_CONF DEFAULT osapi_volume_listen_port $CINDER_SERVICE_PORT_INT
                                      iniset $CINDER_CONF DEFAULT public_endpoint $CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT

lib/neutron

History View file @ 411c34d

@@ -242,6 +242,7 @@ function configure_neutron_new {
                          if is_service_enabled tls-proxy; then
                              # Set the service port for a proxy to take the original
                              iniset $NEUTRON_CONF DEFAULT bind_port "$NEUTRON_SERVICE_PORT_INT"
                     +        iniset $NEUTRON_CONF oslo_middleware enable_proxy_headers_parsing True
                          fi
                          # Metering

lib/neutron-legacy

History View file @ 411c34d

@@ -718,6 +718,7 @@ function _configure_neutron_common {
                          if is_service_enabled tls-proxy; then
                              # Set the service port for a proxy to take the original
                              iniset $NEUTRON_CONF DEFAULT bind_port "$Q_PORT_INT"
                     +        iniset $NEUTRON_CONF oslo_middleware enable_proxy_headers_parsing True
                          fi
                          _neutron_setup_rootwrap

lib/nova

History View file @ 411c34d

@@ -555,6 +555,7 @@ function create_nova_conf {
                          if is_service_enabled tls-proxy; then
                              iniset $NOVA_CONF DEFAULT glance_protocol https
                     +        iniset $NOVA_CONF oslo_middleware enable_proxy_headers_parsing True
                          fi
                          if is_service_enabled n-sproxy; then

lib/tls

History View file @ 411c34d

@@ -527,6 +527,7 @@ $listen_string
                          # for swift functional testing to work with tls enabled. It is 2 bytes
                          # larger than the apache default of 8190.
                          LimitRequestFieldSize $f_header_size
                     +    RequestHeader set X-Forwarded-Proto "https"
                          <Location />
                              ProxyPass http://$b_host:$b_port/ retry=0 nocanon
@@ -541,7 +542,7 @@ EOF
                          if is_suse ; then
                              sudo a2enflag SSL
                          fi
                     -    for mod in ssl proxy proxy_http; do
                     +    for mod in headers ssl proxy proxy_http; do
                              enable_apache_mod $mod
                          done
                          enable_apache_site $b_service