yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1590608] Re: Services should use http_proxy_to_wsgi middleware

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: OpenStack Infra <1590608@xxxxxxxxxxxxxxxxxx>
Date: Thu, 08 Dec 2016 07:36:05 -0000
Reply-to: Bug 1590608 <1590608@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Reviewed:  https://review.openstack.org/384452
Committed: https://git.openstack.org/cgit/openstack/searchlight/commit/?id=0128b2f7d0c956f30ad8567d79f48e2d15bda916
Submitter: Jenkins
Branch:    master

commit 0128b2f7d0c956f30ad8567d79f48e2d15bda916
Author: pallavi <pallavi.s@xxxxxxxxxxxxxxxxxx>
Date:   Mon Oct 10 17:21:02 2016 +0530

    Add http_proxy_to_wsgi to api-paste
    
    This sets up the HTTPProxyToWSGI middleware in front of Searchlight.
    The purpose of thise middleware is to set up the request URL correctly
    in case there is a proxy (For instance, a loadbalancer such as HAProxy)
    in front of Searchlight.
    
    So, for instance, when TLS connections are being terminated in the
    proxy, and one tries to get the versions from the / resource of
    Searchlight, one will notice that the protocol is incorrect; It will
    show 'http' instead of 'https'. So this middleware handles such cases.
    
    The HTTPProxyToWSGI is off by default and needs to be enabled via a
    configuration value.
    
    Change-Id: I79ef2f9340dd6b0c6eab8079fd5495f619d99adf
    Closes-bug: #1590608
    Co-Authored-By: abdul nizamuddin <abdul.nizamuddin@xxxxxxxxxxxxxxxxxx>


** Changed in: searchlight
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1590608

Title:
  Services should use http_proxy_to_wsgi middleware

Status in Aodh:
  Fix Released
Status in Barbican:
  Fix Released
Status in Ceilometer:
  Fix Released
Status in Cinder:
  Fix Released
Status in cloudkitty:
  In Progress
Status in congress:
  New
Status in Freezer:
  Fix Released
Status in Glance:
  Fix Released
Status in Gnocchi:
  Fix Committed
Status in heat:
  Fix Released
Status in OpenStack Identity (keystone):
  Fix Released
Status in Magnum:
  Fix Released
Status in neutron:
  Fix Released
Status in Panko:
  Fix Released
Status in Sahara:
  Fix Released
Status in OpenStack Search (Searchlight):
  Fix Released
Status in senlin:
  In Progress
Status in OpenStack DBaaS (Trove):
  Fix Released

Bug description:
  It's a common problem when putting a service behind a load balancer to
  need to forward the Protocol and hosts of the original request so that
  the receiving service can construct URLs to the loadbalancer and not
  the private worker node.

  Most services have implemented some form of secure_proxy_ssl_header =
  HTTP_X_FORWARDED_PROTO handling however exactly how this is done is
  dependent on the service.

  oslo.middleware provides the http_proxy_to_wsgi middleware that
  handles these headers and the newer RFC7239 forwarding header and
  completely hides the problem from the service.

  This middleware should be adopted by all services in preference to
  their own HTTP_X_FORWARDED_PROTO handling.

To manage notifications about this bug go to:
https://bugs.launchpad.net/aodh/+bug/1590608/+subscriptions

References

[Bug 1590608] [NEW] Services should use http_proxy_to_wsgi middleware
From: Jamie Lennox, 2016-06-09