Add SSL middleware to fix incorrect version host_url

The Manila API does not behave properly if it is behind an SSL termination proxy. If this is the case, the host_url in version resource are build using http protocol instead of https. To handle to correct host_url with proxy, first, we should enable X-Forwarded-Host in proxy so that Manila can get the right client ip. Second, we should enable X-Forwarded-Proto, with the new SSL middleware, Manila will get original protocol. Change-Id: I2dac983481718e6d639453e3f03f41baf8cea56d Closes-Bug: #1384379
2015-05-06 18:37:29 +08:00 · 2015-05-06 18:37:29 +08:00 · 32295b5c3c
parent a7d41d97bd
commit 32295b5c3c
1 changed files with 6 additions and 3 deletions
--- a/etc/manila/api-paste.ini
+++ b/etc/manila/api-paste.ini
@ -9,9 +9,9 @@ use = call:manila.api:root_app_factory

 [composite:openstack_share_api_v1]
 use = call:manila.api.middleware.auth:pipeline_factory
-noauth = faultwrap sizelimit noauth apiv1
-keystone = faultwrap sizelimit authtoken keystonecontext apiv1
-keystone_nolimit = faultwrap sizelimit authtoken keystonecontext apiv1
+noauth = faultwrap ssl sizelimit noauth apiv1
+keystone = faultwrap ssl sizelimit authtoken keystonecontext apiv1
+keystone_nolimit = faultwrap ssl sizelimit authtoken keystonecontext apiv1

 [filter:faultwrap]
 paste.filter_factory = manila.api.middleware.fault:FaultWrapper.factory
@ -22,6 +22,9 @@ paste.filter_factory = manila.api.middleware.auth:NoAuthMiddleware.factory
 [filter:sizelimit]
 paste.filter_factory = oslo_middleware.sizelimit:RequestBodySizeLimiter.factory

+[filter:ssl]
+paste.filter_factory = oslo_middleware.ssl:SSLMiddleware.factory
+
 [app:apiv1]
 paste.app_factory = manila.api.v1.router:APIRouter.factory