Heat API cannot cope with being behind an SSL terminator

Solution In Progress - Updated -

Issue

  • Heat API is behind HAProxy which performs SSL termination. The connection between HAProxy and the Heat API is not SSL.

  • Using the Heat client the API is returning non-SSL references to the client.

  • This is a known issue. The solution is to leverage the Heat SSLMiddleware code.

   New middleware to handle SSL termination proxies

    The Heat API doesn't behave properly if it is behind an SSL termination
     proxy. If this is the case, the HTTP redirections and the links
     returned in the REST response bodies are build using http protocol
     instead of https.

    To handle this situation, a new middleware was added. The purpose of the
     SSLMiddleware is to update the wsgi.url_scheme environment variable of
     the request with the value contained in an HTTP header that can be
     configured in heat.conf (by default: 'X-Forwarded-Proto')

Environment

  • Red Hat OpenStack 6.0 (RHOS)

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content