Heat API cannot cope with being behind an SSL terminator
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Heat |
Fix Released
|
High
|
Pablo Andres Fuente |
Bug Description
We recently setup heat-api to listen without SSL behind stunnel which was doing SSL. This is sort of like a simulation of what may be a common setup in production, where SSL termination might be done on a specific SSL-only proxy and then forwarded to heat-api unencrypted.
The symptom is that sometimes Heat's API uses 302 redirects to route requests:
When running heat --debug event-list some-stack against a setup like this, the symptom is:
---begin---
[chopped token]
-H 'Content-Type: application/json' -H 'Accept: application/json' -H 'User-Agent: python-heatclient' https:/
HTTP/1.1 302 Found
date: Sat, 05 Oct 2013 04:34:16 GMT
content-length: 216
content-type: text/plain; charset=UTF-8
location: http://
302 Found
The resource was found at http://
---end---
The problem is that Heat is assuming http because it doesn't know about the SSL.
This is a common problem for most backend web application servers, and is usually solved by allowing one to override the scheme/port for redirects in a config option.
Changed in heat: | |
assignee: | nobody → Pablo Andres Fuente (pablo-a-fuente) |
Changed in heat: | |
milestone: | none → icehouse-2 |
status: | Fix Committed → Fix Released |
Changed in heat: | |
milestone: | icehouse-2 → 2014.1 |
tags: | added: customer-found support |
Is this problem limited to redirects, or also to links URLs in REST bodies to other REST resources?