yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #51507
[Bug 1558683] Re: Versions endpoint does not support X-Forwarded-Proto
Reviewed: https://review.openstack.org/305152
Committed: https://git.openstack.org/cgit/openstack/cinder/commit/?id=d7e7e7bdf0f112c8315ae38f04b4849338173d51
Submitter: Jenkins
Branch: master
commit d7e7e7bdf0f112c8315ae38f04b4849338173d51
Author: yuriy_n <ynesenenko@xxxxxxxxxxxx>
Date: Mon May 23 11:28:25 2016 +0300
Handle SSL termination proxies for version list
Cinder list with pagination contains wrong scheme for
'next' link in case of SSL endpoints. This patch fixes
it and returns the correct scheme in version URLs if
service is behind an SSL termination proxy.
Change-Id: If5aab9cc25a2e7c66a0bb13b5f7488a667b30309
Closes-Bug: #1558683
** Changed in: cinder
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Glance.
https://bugs.launchpad.net/bugs/1558683
Title:
Versions endpoint does not support X-Forwarded-Proto
Status in Cinder:
Fix Released
Status in Glance:
In Progress
Bug description:
When a project is deployed behind a SSL terminating proxy, the version
endpoint returns the wrong URLs. The returned protocol in the reponse
URLs is http:// instead of the expected https://.
This is because the response built by versions.py git the host
information only from the incoming req. If SSL has been terminated by
a proxy, then the information in the req indicates http://. Other
projects have addressed this by adding the config parameter
secure_proxy_ssl_header = HTTP_X_FORWARDED_PROTO. This will tell the
project to use the value in X-Forwarded-Proto (https or http) when
building the URLs in the response. Nova and Keystone support this
configuration option.
One workaround is to set the public_endpoint parameter. However, the
value set for public_endpoint, is also returned when the internal and
admin version endpoints are queried, which breaks other things.
To manage notifications about this bug go to:
https://bugs.launchpad.net/cinder/+bug/1558683/+subscriptions
References