Add SSL middleware to fix incorrect version host_url
The Manila API does not behave properly if it is behind an SSL termination proxy. If this is the case, the host_url in version resource are build using http protocol instead of https. To handle to correct host_url with proxy, first, we should enable X-Forwarded-Host in proxy so that Manila can get the right client ip. Second, we should enable X-Forwarded-Proto, with the new SSL middleware, Manila will get original protocol. Change-Id: I2dac983481718e6d639453e3f03f41baf8cea56d Closes-Bug: #1384379
This commit is contained in:
parent
a7d41d97bd
commit
32295b5c3c
|
@ -9,9 +9,9 @@ use = call:manila.api:root_app_factory
|
|||
|
||||
[composite:openstack_share_api_v1]
|
||||
use = call:manila.api.middleware.auth:pipeline_factory
|
||||
noauth = faultwrap sizelimit noauth apiv1
|
||||
keystone = faultwrap sizelimit authtoken keystonecontext apiv1
|
||||
keystone_nolimit = faultwrap sizelimit authtoken keystonecontext apiv1
|
||||
noauth = faultwrap ssl sizelimit noauth apiv1
|
||||
keystone = faultwrap ssl sizelimit authtoken keystonecontext apiv1
|
||||
keystone_nolimit = faultwrap ssl sizelimit authtoken keystonecontext apiv1
|
||||
|
||||
[filter:faultwrap]
|
||||
paste.filter_factory = manila.api.middleware.fault:FaultWrapper.factory
|
||||
|
@ -22,6 +22,9 @@ paste.filter_factory = manila.api.middleware.auth:NoAuthMiddleware.factory
|
|||
[filter:sizelimit]
|
||||
paste.filter_factory = oslo_middleware.sizelimit:RequestBodySizeLimiter.factory
|
||||
|
||||
[filter:ssl]
|
||||
paste.filter_factory = oslo_middleware.ssl:SSLMiddleware.factory
|
||||
|
||||
[app:apiv1]
|
||||
paste.app_factory = manila.api.v1.router:APIRouter.factory
|
||||
|
||||
|
|
Loading…
Reference in New Issue