[openstack-dev] [all] Consistent support for SSL termination proxies across all API services

Duncan Thomas duncan.thomas at gmail.com
Fri Sep 18 05:40:16 UTC 2015


On 18 Sep 2015 05:13, "Jim Rollenhagen" <jim at jimrollenhagen.com> wrote:

> FWIW, in Ironic, we added the public_endpoint config to fix the bug
> quickly, but we'd really prefer to support both that and the
> secure_proxy_ssl_header option. It would use public_endpoint if it is
> set, then fall back to the header config, then fall back to
> request_host like it was before.

This seems like the most sensible arrangement and the one if be happy
meeting for cinder. If the originator would like to file a bug against
cinder for the missing proto header support then I don't expect any
resistance to it being fixed.

Is there anybody with the time to start analysing different project's
config files and documenting the likely cross-project ones? I know glance
had a bunch of ssl related ones that were richer than most projects, for
example.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20150918/38e2e2ec/attachment.html>


More information about the OpenStack-dev mailing list