Set enable_proxy_headers_parsing = True when HAProxy is used
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack-Ansible |
Fix Released
|
Medium
|
Shannon Mitchell |
Bug Description
[oslo_middleware]
enable_
should be set in the configuration of services that use oslo_middleware, when HAProxy is used.
Obvious example with Designate, currently a request on the public IP returns:
# curl --insecure https:/
{
"versions": {
"values": [
{
"id": "v1",
"links": [
{
"href": "http://
"rel": "self"
}
],
"status": "DEPRECATED"
},
{
"id": "v2",
"links": [
{
"href": "http://
"rel": "self"
}
],
"status": "CURRENT"
}
]
}
}
Notice http instead of https.
With the config change, https is returned as expected.
Changed in openstack-ansible: | |
status: | New → Confirmed |
importance: | Undecided → Medium |
One question is: can we enable that option even when there is HAProxy in front?
https:/ /git.openstack. org/cgit/ openstack/ oslo.middleware /commit/ ?id=f62c3a74c07 238d91efb17e9ac 64373f08894490 says we shouldn't for security reasons.
https:/ /bugs.launchpad .net/oslo. middleware/ +bug/1590635 asks to change the default directly in oslo.middleware.