Ceph RADOS Gateway Charm

  1. Bug #2021560
  2. Comment #7

Comment 7 for bug 2021560

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to charm-ceph-radosgw (stable/quincy.2)

Reviewed: https://review.opendev.org/c/openstack/charm-ceph-radosgw/+/884827
Committed: https://opendev.org/openstack/charm-ceph-radosgw/commit/13664c11d01976d1b711b8bea184ca2d7a55c10e
Submitter: "Zuul (22348)"
Branch: stable/quincy.2

commit 13664c11d01976d1b711b8bea184ca2d7a55c10e
Author: Samuel Walladge <email address hidden>
Date: Wed May 31 12:23:11 2023 +0930

    Enable rgw trust forwarded https when https proxy

    This option is required for server-side encryption to be allowed
    if radosgw is behind a reverse proxy,
    such as here when certificates are configured and apache2 is running.

    ref. https://docs.ceph.com/en/latest/radosgw/encryption/

    It is safe to always enable when https is configured in the charm,
    because it will be securely behind the reverse proxy in the unit.
    This option must not be enabled when https is not configured in the charm,
    because this would allow clients to spoof headers.

    Closes-Bug: #2021560
    Change-Id: I940f9b2f424a3d98936b5f185bf8f87b71091317
    (cherry picked from commit 541ceec4018e311cef1517a62eefa28cd53bc162)