[Openstack-security] [Bug 1504610] Re: Murano API cannot cope with being behind an SSL terminator
Nikolay Starodubtsev
nstarodubtsev at mirantis.com
Mon Oct 12 07:49:52 UTC 2015
** Changed in: murano/mitaka
Assignee: (unassigned) => Nikolay Starodubtsev (starodubcevna)
--
You received this bug notification because you are a member of OpenStack
Security, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1504610
Title:
Murano API cannot cope with being behind an SSL terminator
Status in murano:
New
Status in murano liberty series:
New
Status in murano mitaka series:
New
Bug description:
On environments with SSL/https for all endpoints Murano deployments
fail because Murano works under SSL terminator.
Steps To Reproduce:
1. Deploy Murano in http mode and configure HA Proxy with SSL termination
2. Deploy Murano application
Observed Result:
Deployment will fail with the error about unreachable http Murano endpoint.
We have the same issue for Heat which is already fixed now:
https://bugs.launchpad.net/heat/+bug/1235555
HAProxy serves as the SSL termination for all of the LCP Services, Client HTTPS Request -> HAProxy HTTPS Listener -> Murano HTTP ListenerHAProxy uses the X-Forwarded-Proto to try and tell the application that the original request was HTTPS, unfortunately it does not appear Murano/webob adheres to the use of this header.https://github.com/Pylons/webob/blob/master/webob/request.py#L437
See the change issue related to heat api,https://review.openstack.org/#/c/64142/
To manage notifications about this bug go to:
https://bugs.launchpad.net/murano/+bug/1504610/+subscriptions
More information about the Openstack-security
mailing list