commit 13664c11d01976d1b711b8bea184ca2d7a55c10e
Author: Samuel Walladge <email address hidden>
Date: Wed May 31 12:23:11 2023 +0930
Enable rgw trust forwarded https when https proxy
This option is required for server-side encryption to be allowed
if radosgw is behind a reverse proxy,
such as here when certificates are configured and apache2 is running.
It is safe to always enable when https is configured in the charm,
because it will be securely behind the reverse proxy in the unit.
This option must not be enabled when https is not configured in the charm,
because this would allow clients to spoof headers.
Closes-Bug: #2021560
Change-Id: I940f9b2f424a3d98936b5f185bf8f87b71091317
(cherry picked from commit 541ceec4018e311cef1517a62eefa28cd53bc162)
Reviewed: https:/ /review. opendev. org/c/openstack /charm- ceph-radosgw/ +/884827 /opendev. org/openstack/ charm-ceph- radosgw/ commit/ 13664c11d01976d 1b711b8bea184ca 2d7a55c10e
Committed: https:/
Submitter: "Zuul (22348)"
Branch: stable/quincy.2
commit 13664c11d01976d 1b711b8bea184ca 2d7a55c10e
Author: Samuel Walladge <email address hidden>
Date: Wed May 31 12:23:11 2023 +0930
Enable rgw trust forwarded https when https proxy
This option is required for server-side encryption to be allowed
if radosgw is behind a reverse proxy,
such as here when certificates are configured and apache2 is running.
ref. https:/ /docs.ceph. com/en/ latest/ radosgw/ encryption/
It is safe to always enable when https is configured in the charm,
because it will be securely behind the reverse proxy in the unit.
This option must not be enabled when https is not configured in the charm,
because this would allow clients to spoof headers.
Closes-Bug: #2021560 98936b5f185bf8f 87b71091317 cef1517a62eefa2 8cd53bc162)
Change-Id: I940f9b2f424a3d
(cherry picked from commit 541ceec4018e311