... | ... |
@@ -296,8 +296,7 @@ function configure_cinder { |
296 | 296 |
# Set the service port for a proxy to take the original |
297 | 297 |
if [ "$CINDER_USE_MOD_WSGI" == "True" ]; then |
298 | 298 |
iniset $CINDER_CONF DEFAULT osapi_volume_listen_port $CINDER_SERVICE_PORT_INT |
299 |
- iniset $CINDER_CONF DEFAULT public_endpoint $CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST |
|
300 |
- iniset $CINDER_CONF DEFAULT osapi_volume_base_URL $CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST |
|
299 |
+ iniset $CINDER_CONF oslo_middleware enable_proxy_headers_parsing True |
|
301 | 300 |
else |
302 | 301 |
iniset $CINDER_CONF DEFAULT osapi_volume_listen_port $CINDER_SERVICE_PORT_INT |
303 | 302 |
iniset $CINDER_CONF DEFAULT public_endpoint $CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT |
... | ... |
@@ -242,6 +242,7 @@ function configure_neutron_new { |
242 | 242 |
if is_service_enabled tls-proxy; then |
243 | 243 |
# Set the service port for a proxy to take the original |
244 | 244 |
iniset $NEUTRON_CONF DEFAULT bind_port "$NEUTRON_SERVICE_PORT_INT" |
245 |
+ iniset $NEUTRON_CONF oslo_middleware enable_proxy_headers_parsing True |
|
245 | 246 |
fi |
246 | 247 |
|
247 | 248 |
# Metering |
... | ... |
@@ -718,6 +718,7 @@ function _configure_neutron_common { |
718 | 718 |
if is_service_enabled tls-proxy; then |
719 | 719 |
# Set the service port for a proxy to take the original |
720 | 720 |
iniset $NEUTRON_CONF DEFAULT bind_port "$Q_PORT_INT" |
721 |
+ iniset $NEUTRON_CONF oslo_middleware enable_proxy_headers_parsing True |
|
721 | 722 |
fi |
722 | 723 |
|
723 | 724 |
_neutron_setup_rootwrap |
... | ... |
@@ -555,6 +555,7 @@ function create_nova_conf { |
555 | 555 |
|
556 | 556 |
if is_service_enabled tls-proxy; then |
557 | 557 |
iniset $NOVA_CONF DEFAULT glance_protocol https |
558 |
+ iniset $NOVA_CONF oslo_middleware enable_proxy_headers_parsing True |
|
558 | 559 |
fi |
559 | 560 |
|
560 | 561 |
if is_service_enabled n-sproxy; then |
... | ... |
@@ -527,6 +527,7 @@ $listen_string |
527 | 527 |
# for swift functional testing to work with tls enabled. It is 2 bytes |
528 | 528 |
# larger than the apache default of 8190. |
529 | 529 |
LimitRequestFieldSize $f_header_size |
530 |
+ RequestHeader set X-Forwarded-Proto "https" |
|
530 | 531 |
|
531 | 532 |
<Location /> |
532 | 533 |
ProxyPass http://$b_host:$b_port/ retry=0 nocanon |
... | ... |
@@ -541,7 +542,7 @@ EOF |
541 | 541 |
if is_suse ; then |
542 | 542 |
sudo a2enflag SSL |
543 | 543 |
fi |
544 |
- for mod in ssl proxy proxy_http; do |
|
544 |
+ for mod in headers ssl proxy proxy_http; do |
|
545 | 545 |
enable_apache_mod $mod |
546 | 546 |
done |
547 | 547 |
enable_apache_site $b_service |