ooi

ooi generates incorrect urls behind ssl terminator

Bug #1676844 reported by Enol Fernández
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
ooi
Fix Released
High
Enol Fernández
ooi 1.0.0

Bug Description

ooi generates URLs for the objects as http when being served behind of a ssl terminator such as HAProxy. ooi assumes http because it is not aware of the SSL.

Other OpenStack services have a secure_proxy_ssl_header option with the name of the HTTP header where the used scheme for the URLs is defined. ooi should have a similar setting.

Enol Fernández (enolfc)
Changed in ooi:
status: New → Triaged
importance: Undecided → High
assignee: nobody → Enol Fernández (enolfc)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to ooi (master)

Fix proposed to branch: master
Review: https://review.openstack.org/450751

Changed in ooi:
status: Triaged → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to ooi (master)

Reviewed: https://review.openstack.org/450751
Committed: https://git.openstack.org/cgit/openstack/ooi/commit/?id=d1da7a1dfe1ca2d2731622c91c094019c4dcb488
Submitter: Jenkins
Branch: master

commit d1da7a1dfe1ca2d2731622c91c094019c4dcb488
Author: Enol Fernandez <email address hidden>
Date: Tue Mar 28 13:11:54 2017 +0100

    Add option to handle SSL termination proxies

    ooi needs to return URLs of objects matching the URL scheme used
    for serving the application even if ooi is behind a SSL termination
    proxy.

    A new configuration variable "ooi_secure_proxy_ssl_header" that
    defines the HTTP header that can be used to update the wsgi.url_scheme
    environment variable. Typical value for this variable is
    'HTTP_X_FORWARDED_PROTO'.

    Change-Id: I7ce7583f64778f667a7ea310d493390d9e19f1e2
    Closes-Bug: #1676844

Changed in ooi:
status: In Progress → Fix Released
Alvaro Lopez (aloga)
Changed in ooi:
milestone: none → 1.0.0
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.