Hi
> Ok, how exactly does that work? Because it seems like > oslo_middleware.ssl is only changing the protocol if the proxy sets it. > > But the host in the urls will still be the individual host, which isn't > the proxy hostname/ip. Sorry if I'm being daft here, just want to > understand how that flow ends up working. > Host and X-Forwarded-Proto headers are provided by the proxy to the service. Host and X-Forwarded-Proto headers are either built by the proxy or forwarded (if there are many proxies). > Will that cover the case of webob's request.application_uri? If so I > think that covers the REST documents in at least Nova (one good data > point, and one that I know has been copied around). At least as far as > the protocol is concerned, it's still got a potential url issue. I let Julien answers :) > It also looks like there are new standards for Forwarded headers, so the > middleware should probably support those as well. > http://tools.ietf.org/html/rfc7239. > Good to know! I can update SSLMiddleware to handle it as the rfc uses the format: "Forwarded: proto=https" which is different from de facto standard (supported by SSLMiddleware): "X-Forwarded-Proto: https" Cédric
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
