hard-coded port in VNC websockify host header when horizon SSL is forced via load balancer
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
Mirantis OpenStack | Invalid | Medium | Vlad Okhrimenko | |
Bug Description
We're using haproxy on 3 controllers to load balance and enforce SSL to OpenStack APIs, so naturally, Horizon is configured without SSL, and SSL is enforced in HAProxy via this line:
redirect scheme https if !{ ssl_fc }
When attempting to use the console, error 1006 was received (unable to connect). Using Firefox developer tools, it was found that the "websockify" request includes port 80 hard-coded in the response (over https) and therefore, the redirect is bungled.
(see screenshot1).
After disabling the SSL enforcement on HAproxy for VNC
("redirect scheme https if !{ hdr(Host) -m beg vnc.alpha.
Further details:
root@node-
ii nova-api 1:2014.
ii nova-cert 1:2014.
ii nova-common 1:2014.
ii nova-conductor 1:2014.
ii nova-consoleauth 1:2014.
ii nova-novncproxy 1:2014.
ii nova-objectstore 1:2014.
ii nova-scheduler 1:2014.
ii python-nova 1:2014.
ii python-novaclient 1:2.20.
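The failure mode described in the report, modelled as an added example (not code from the report, HAProxy or nova): HAProxy's `redirect scheme` builds the Location from the scheme, the Host header copied verbatim, and the URI, so an explicit `:80` in the Host header survives into the `https://` URL. The hostname `vnc.example.test`, the sample requests and the function names are constructed for illustration.

```python
from urllib.parse import urlsplit

TLS_SCHEMES = {"https", "wss"}
PLAINTEXT_PORT = 80   # default port for http/ws
TLS_PORT = 443        # default port for https/wss


def redirect_scheme_location(scheme, host_header, uri):
    """Model of `redirect scheme <sch>`: Location is
    <sch>://<Host header><URI>, with the Host header copied verbatim."""
    return f"{scheme}://{host_header}{uri}"


def scheme_port_conflict(location):
    """True when the URL pins the default port of the opposite transport,
    e.g. https:// on :80 (a TLS handshake sent to a plaintext listener)."""
    parts = urlsplit(location)
    if parts.port is None:          # no explicit port: scheme default applies
        return False
    if parts.scheme in TLS_SCHEMES:
        return parts.port == PLAINTEXT_PORT
    return parts.port == TLS_PORT


def audit(requests, scheme="https"):
    """Return (host_header, location, conflict) for each plaintext request."""
    results = []
    for host_header, uri in requests:
        location = redirect_scheme_location(scheme, host_header, uri)
        results.append((host_header, location, scheme_port_conflict(location)))
    return results


# Constructed sample requests: (Host header, request URI).
SAMPLE_REQUESTS = [
    ("vnc.example.test", "/websockify"),      # no port: redirect is usable
    ("vnc.example.test:80", "/websockify"),   # explicit :80, as in the report
    ("[2001:db8::10]:80", "/websockify"),     # same problem with an IPv6 literal
]

if __name__ == "__main__":
    for host, location, conflict in audit(SAMPLE_REQUESTS):
        print(f"{host:22} -> {location:42} {'CONFLICT' if conflict else 'ok'}")
```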
Changed in mos: | |
importance: | Undecided → Medium |
assignee: | nobody → MOS Horizon (mos-horizon) |
milestone: | none → 7.0 |
status: | New → Confirmed |
Changed in mos: | |
assignee: | MOS Horizon (mos-horizon) → Vlad Okhrimenko (vokhrimenko) |
Hi @Karen! Can you please explain to me how I can reproduce this? (step-by-step)
Where should I add the string "redirect scheme https if !{ ssl_fc }" (in haproxy.cfg?)
How can I restart haproxy?
Thanks!