Fix URLs when running with tls-proxy enabled
Various services are returning broken links when running behind
tls-proxy. These issues can be fixed by setting the X-Forwarded-Proto
header in the apache config and letting oslo_middleware parse it.
Change-Id: Ibe5dbdc4644ec812f0435f59319666fc336c195a
Partial-Bug: 1713731
diff --git a/lib/cinder b/lib/cinder
index 03328f3..67939f1 100644
--- a/lib/cinder
+++ b/lib/cinder
@@ -296,8 +296,7 @@
# Set the service port for a proxy to take the original
if [ "$CINDER_USE_MOD_WSGI" == "True" ]; then
iniset $CINDER_CONF DEFAULT osapi_volume_listen_port $CINDER_SERVICE_PORT_INT
- iniset $CINDER_CONF DEFAULT public_endpoint $CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST
- iniset $CINDER_CONF DEFAULT osapi_volume_base_URL $CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST
+ iniset $CINDER_CONF oslo_middleware enable_proxy_headers_parsing True
else
iniset $CINDER_CONF DEFAULT osapi_volume_listen_port $CINDER_SERVICE_PORT_INT
iniset $CINDER_CONF DEFAULT public_endpoint $CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT
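Review bot: `enable_proxy_headers_parsing` is switched on whenever `CINDER_USE_MOD_WSGI` is True, not only when tls-proxy is enabled. In a mod_wsgi deployment without the proxy, nothing overwrites the forwarded headers, so values sent by a client would presumably end up in the links cinder returns. The other hunks in this commit gate the same setting on `is_service_enabled tls-proxy`; wrapping this line the same way (`if is_service_enabled tls-proxy; then` … `fi`) limits the trust to the case where the proxy sets the header. The removed `public_endpoint` and `osapi_volume_base_URL` lines also leave the non-proxied mod_wsgi case with no explicit endpoint, which is worth confirming is intended. The `if` block continues past the end of the hunk.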
diff --git a/lib/neutron b/lib/neutron
index 2a660ec..92c585a 100644
--- a/lib/neutron
+++ b/lib/neutron
@@ -242,6 +242,7 @@
if is_service_enabled tls-proxy; then
# Set the service port for a proxy to take the original
iniset $NEUTRON_CONF DEFAULT bind_port "$NEUTRON_SERVICE_PORT_INT"
+ iniset $NEUTRON_CONF oslo_middleware enable_proxy_headers_parsing True
fi
# Metering
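Review bot: The added `enable_proxy_headers_parsing` line has no comment, and the existing comment above `bind_port` only explains the port. A short comment such as `# Trust X-Forwarded-Proto set by tls-proxy so returned URLs use https` would record why the service is told to trust forwarded headers. It should also state the assumption that the internal port is reachable only through the proxy, since a client that can reach it directly could supply the header itself. The same applies to the matching hunks in lib/neutron-legacy and lib/nova. The enclosing function starts and ends outside the hunk.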
diff --git a/lib/neutron-legacy b/lib/neutron-legacy
index 784f3a8..f9e0bd6 100644
--- a/lib/neutron-legacy
+++ b/lib/neutron-legacy
@@ -718,6 +718,7 @@
if is_service_enabled tls-proxy; then
# Set the service port for a proxy to take the original
iniset $NEUTRON_CONF DEFAULT bind_port "$Q_PORT_INT"
+ iniset $NEUTRON_CONF oslo_middleware enable_proxy_headers_parsing True
fi
_neutron_setup_rootwrap
diff --git a/lib/nova b/lib/nova
index fa09fd8..887a70d 100644
--- a/lib/nova
+++ b/lib/nova
@@ -555,6 +555,7 @@
if is_service_enabled tls-proxy; then
iniset $NOVA_CONF DEFAULT glance_protocol https
+ iniset $NOVA_CONF oslo_middleware enable_proxy_headers_parsing True
fi
if is_service_enabled n-sproxy; then
diff --git a/lib/tls b/lib/tls
index 7bde5e6..5bf5d96 100644
--- a/lib/tls
+++ b/lib/tls
@@ -527,6 +527,7 @@
# for swift functional testing to work with tls enabled. It is 2 bytes
# larger than the apache default of 8190.
LimitRequestFieldSize $f_header_size
+ RequestHeader set X-Forwarded-Proto "https"
<Location />
ProxyPass http://$b_host:$b_port/ retry=0 nocanon
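Review bot: Only `X-Forwarded-Proto` is overwritten here, while the backends are now told to parse proxy headers in general. As far as I know, oslo_middleware's proxy-header parsing also honours the RFC 7239 `Forwarded` header and `X-Forwarded-Prefix`, and nothing in the visible part of this vhost strips them from the client request. Adding `RequestHeader unset Forwarded` and `RequestHeader unset X-Forwarded-Prefix` next to the new line would keep client-supplied values from influencing the URLs the backends generate. The vhost template begins and ends outside the hunk.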
@@ -541,7 +542,7 @@
if is_suse ; then
sudo a2enflag SSL
fi
- for mod in ssl proxy proxy_http; do
+ for mod in headers ssl proxy proxy_http; do
enable_apache_mod $mod
done
enable_apache_site $b_service