<div dir="ltr"><div><div>Hi,<br><br></div>SSLMiddleware takes into account a Header[1] to set wsgi.url_scheme <br>which allows a proxy to provide the original protocol to Heat/Neutron/...<br><br><br></div><div class="gmail_extra"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span>
</span>Does that solution work in the HA Proxy case where there is one<br>
terminating address for multiple backend servers? Because there is the<br>
concern that this impacts not only the Location header, but the link<br>
documents inside the responses which clients are expected to be able to<br>
link.follow. This is an honest question, I don't know how the<br>
oslo_middleware.ssl acts in these cases. And HA Proxy 1 to N mapping is<br>
very common deployment model.<br></blockquote><div><br></div><div>It ensures the protocol provided in headers will be used to generate correct Location Headers and links.<br><br></div><div>BUT there are some limitations:<br><br></div><div>* It doesn't work when the service itself acts as a proxy (typically nova image-list)<br></div><div>* it doesn't work when you rewrite from https://<proxy-host>:<proxy-port>/<base>/... to http://<host>:<port>/... <br></div><div> because the <base> information is not provided in the headers (except if you exploit a webob limitation)<br><br><br></div><div>Cédric/ZZelle@IRC<br></div><div> <br></div></div><br></div></div>