Use http_proxy_to_wsgi middleware
This sets up the HTTPProxyToWSGI middleware in front of Freezer. The purpose of this middleware is to set up the request URL correctly in case there is a proxy (For instance, a loadbalancer such as HAProxy) in front of Freezer. The HTTPProxyToWSGI is off by default and needs to be enabled via a configuration value. Depends-On: Iffd38a325204a3ec7380a7a56061866477d3d06e Change-Id: I44d60863eefeb52891474653aa9fcf1ba57d50a1 Closes-bug: #1590608
This commit is contained in:
parent
dccbbf35c9
commit
fbd1f04abf
|
@ -4,3 +4,4 @@ wrap_width = 79
|
|||
namespace = "freezer-api"
|
||||
namespace = oslo.log
|
||||
namespace = oslo.policy
|
||||
namespace = oslo.middleware
|
||||
|
|
|
@ -33,6 +33,7 @@
|
|||
# configuration files are used then all logging configuration is set in the
|
||||
# configuration file and other logging configuration options are ignored (for
|
||||
# example, logging_context_format_string). (string value)
|
||||
# Note: This option can be changed without restarting.
|
||||
# Deprecated group/name - [DEFAULT]/log_config
|
||||
#log_config_append = <None>
|
||||
|
||||
|
@ -109,6 +110,64 @@
|
|||
#fatal_deprecations = false
|
||||
|
||||
|
||||
[cors]
|
||||
|
||||
#
|
||||
# From oslo.middleware
|
||||
#
|
||||
|
||||
# Indicate whether this resource may be shared with the domain received in the
|
||||
# requests "origin" header. Format: "<protocol>://<host>[:<port>]", no trailing
|
||||
# slash. Example: https://horizon.example.com (list value)
|
||||
#allowed_origin = <None>
|
||||
|
||||
# Indicate that the actual request can include user credentials (boolean value)
|
||||
#allow_credentials = true
|
||||
|
||||
# Indicate which headers are safe to expose to the API. Defaults to HTTP Simple
|
||||
# Headers. (list value)
|
||||
#expose_headers =
|
||||
|
||||
# Maximum cache age of CORS preflight requests. (integer value)
|
||||
#max_age = 3600
|
||||
|
||||
# Indicate which methods can be used during the actual request. (list value)
|
||||
#allow_methods = OPTIONS,GET,HEAD,POST,PUT,DELETE,TRACE,PATCH
|
||||
|
||||
# Indicate which header field names may be used during the actual request.
|
||||
# (list value)
|
||||
#allow_headers =
|
||||
|
||||
|
||||
[cors.subdomain]
|
||||
|
||||
#
|
||||
# From oslo.middleware
|
||||
#
|
||||
|
||||
# Indicate whether this resource may be shared with the domain received in the
|
||||
# requests "origin" header. Format: "<protocol>://<host>[:<port>]", no trailing
|
||||
# slash. Example: https://horizon.example.com (list value)
|
||||
#allowed_origin = <None>
|
||||
|
||||
# Indicate that the actual request can include user credentials (boolean value)
|
||||
#allow_credentials = true
|
||||
|
||||
# Indicate which headers are safe to expose to the API. Defaults to HTTP Simple
|
||||
# Headers. (list value)
|
||||
#expose_headers =
|
||||
|
||||
# Maximum cache age of CORS preflight requests. (integer value)
|
||||
#max_age = 3600
|
||||
|
||||
# Indicate which methods can be used during the actual request. (list value)
|
||||
#allow_methods = OPTIONS,GET,HEAD,POST,PUT,DELETE,TRACE,PATCH
|
||||
|
||||
# Indicate which header field names may be used during the actual request.
|
||||
# (list value)
|
||||
#allow_headers =
|
||||
|
||||
|
||||
[keystone_authtoken]
|
||||
|
||||
#
|
||||
|
@ -157,7 +216,7 @@
|
|||
|
||||
# Optionally specify a list of memcached server(s) to use for caching. If left
|
||||
# undefined, tokens will instead be cached in-process. (list value)
|
||||
# Deprecated group/name - [DEFAULT]/memcache_servers
|
||||
# Deprecated group/name - [keystone_authtoken]/memcache_servers
|
||||
#memcached_servers = <None>
|
||||
|
||||
# In order to prevent excessive effort spent validating tokens, the middleware
|
||||
|
@ -167,8 +226,8 @@
|
|||
|
||||
# Determines the frequency at which the list of revoked tokens is retrieved
|
||||
# from the Identity service (in seconds). A high number of revocation events
|
||||
# combined with a low cache duration may significantly reduce performance. Only
|
||||
# valid for PKI tokens. (integer value)
|
||||
# combined with a low cache duration may significantly reduce performance.
|
||||
# (integer value)
|
||||
#revocation_cache_time = 10
|
||||
|
||||
# (Optional) If defined, indicate whether token data should be authenticated or
|
||||
|
@ -235,58 +294,44 @@
|
|||
# performance. (list value)
|
||||
#hash_algorithms = md5
|
||||
|
||||
# Prefix to prepend at the beginning of the path. Deprecated, use identity_uri.
|
||||
# (string value)
|
||||
#auth_admin_prefix =
|
||||
|
||||
# Host providing the admin Identity API endpoint. Deprecated, use identity_uri.
|
||||
# (string value)
|
||||
#auth_host = 127.0.0.1
|
||||
|
||||
# Port of the admin Identity API endpoint. Deprecated, use identity_uri.
|
||||
# (integer value)
|
||||
#auth_port = 35357
|
||||
|
||||
# Protocol of the admin Identity API endpoint. Deprecated, use identity_uri.
|
||||
# (string value)
|
||||
# Allowed values: http, https
|
||||
#auth_protocol = https
|
||||
|
||||
# Complete admin Identity API endpoint. This should specify the unversioned
|
||||
# root endpoint e.g. https://localhost:35357/ (string value)
|
||||
#identity_uri = <None>
|
||||
|
||||
# This option is deprecated and may be removed in a future release. Single
|
||||
# shared secret with the Keystone configuration used for bootstrapping a
|
||||
# Keystone installation, or otherwise bypassing the normal authentication
|
||||
# process. This option should not be used, use `admin_user` and
|
||||
# `admin_password` instead. (string value)
|
||||
#admin_token = <None>
|
||||
|
||||
# Service username. (string value)
|
||||
#admin_user = <None>
|
||||
|
||||
# Service user password. (string value)
|
||||
#admin_password = <None>
|
||||
|
||||
# Service tenant name. (string value)
|
||||
#admin_tenant_name = admin
|
||||
|
||||
# Authentication type to load (unknown value)
|
||||
# Deprecated group/name - [DEFAULT]/auth_plugin
|
||||
# Authentication type to load (string value)
|
||||
# Deprecated group/name - [keystone_authtoken]/auth_plugin
|
||||
#auth_type = <None>
|
||||
|
||||
# Config Section from which to load plugin specific options (unknown value)
|
||||
# Config Section from which to load plugin specific options (string value)
|
||||
#auth_section = <None>
|
||||
|
||||
|
||||
[oslo_middleware]
|
||||
|
||||
#
|
||||
# From oslo.middleware
|
||||
#
|
||||
|
||||
# The maximum body size for each request, in bytes. (integer value)
|
||||
# Deprecated group/name - [DEFAULT]/osapi_max_request_body_size
|
||||
# Deprecated group/name - [DEFAULT]/max_request_body_size
|
||||
#max_request_body_size = 114688
|
||||
|
||||
# DEPRECATED: The HTTP Header that will be used to determine what the original
|
||||
# request protocol scheme was, even if it was hidden by a SSL termination
|
||||
# proxy. (string value)
|
||||
# This option is deprecated for removal.
|
||||
# Its value may be silently ignored in the future.
|
||||
#secure_proxy_ssl_header = X-Forwarded-Proto
|
||||
|
||||
# Whether the application is behind a proxy or not. This determines if the
|
||||
# middleware should parse the headers or not. (boolean value)
|
||||
#enable_proxy_headers_parsing = false
|
||||
|
||||
|
||||
[oslo_policy]
|
||||
|
||||
#
|
||||
# From oslo.policy
|
||||
#
|
||||
|
||||
# The JSON file that defines policies. (string value)
|
||||
# The file that defines policies. (string value)
|
||||
# Deprecated group/name - [DEFAULT]/policy_file
|
||||
#policy_file = policy.json
|
||||
|
||||
|
@ -347,8 +392,6 @@
|
|||
# path to CA certs on disk (string value)
|
||||
#ca_certs = <None>
|
||||
|
||||
# Number of replicas for elk cluster. Default is 0. Use 0 for no replicas
|
||||
# In a production environment, this value should be equal to:
|
||||
# (Number of elasticsearch node in the cluster - 1)
|
||||
# (integer value)
|
||||
# Number of replicas for elk cluster. Default is 0. Use 0 for no replicas. This
|
||||
# should be set to (number of node in the ES cluter -1). (integer value)
|
||||
#number_of_replicas = 0
|
||||
|
|
|
@ -19,8 +19,11 @@ paste.filter_factory = freezer_api.api.common.middleware:HealthApp.factory
|
|||
[filter:context]
|
||||
paste.filter_factory = freezer_api.api.common.middleware:ContextMiddleware.factory
|
||||
|
||||
[filter:http_proxy_to_wsgi]
|
||||
paste.filter_factory = oslo_middleware:HTTPProxyToWSGI.factory
|
||||
|
||||
[pipeline:main]
|
||||
pipeline = healthcheck authtoken context freezer_app
|
||||
pipeline = healthcheck http_proxy_to_wsgi authtoken context freezer_app
|
||||
|
||||
[pipeline:unauthenticated_freezer_api]
|
||||
pipeline = HealthApp Healthcheck freezer_app
|
||||
pipeline = http_proxy_to_wsgi HealthApp Healthcheck freezer_app
|
||||
|
|
Loading…
Reference in New Issue