On 8/29/25 2:12 AM, Chang Xue wrote:
Thanks for the reply. Yes we have http_proxy_to_wsgi middleware in api-paste.ini.
I also tried changed HAproxy configs to add frontend and backend, to set headers for neutron/nova. Interesting thing is, after that I can get port list work and related logs is available in HAproxy logs, but not always. Sometimes it's still giving me the same error as before, and I don't see meaningful logs in HAproxy.
So my struggling point is: 1. when I don't add HAproxy configs for neutron, why it returns http href link, although I'm sure CLI is sending neutron https request?
Unless the headers indicating that these requests were "forwarded", the api service does not know anything about your load balancer. It doesn't know the request a user sent to your loadbalancer. It knows only the request coming from your load balancer (which uses HTTP instead of HTTPS) So it makes the best guess based on the its own endpoint, These HTTP headers are pretty well common ones to tell applications that these requests come through forwarder and applications can "guess" the external url precisely.
2. after adding HAproxy configs, why it only works intermittently? I have no clear idea about this. You may want to ensure that the forwarded option is set at the level common for all backend servers. Also make sure that you reload haproxy so that it completely reflect the forward header options added. If you still see the same problem then you may check if the issue is seen with a specific backend server to see if there can be a misconfiguration in these servers.