Fix secure_proxy_ssl_header option

Option "secure_proxy_ssl_header" from group "DEFAULT" is deprecated in Keystone. see https://docs.openstack.org/ocata/config-reference/identity/samples/keystone.conf.html Change-Id: I390969fce5b592c0267399969abc54e5caffbfc8 Closes-Bug: #1675982
2017-03-30 15:49:51 +08:00 · 2017-03-30 15:49:51 +08:00 · 83fae8c8f9
commit 83fae8c8f9
parent 04ebda9e44
1 changed files with 2 additions and 1 deletions
--- a/ansible/roles/keystone/templates/keystone.conf.j2
+++ b/ansible/roles/keystone/templates/keystone.conf.j2
@ -9,7 +9,8 @@ transport_url = rabbit://{% for host in groups['rabbitmq'] %}{{ rabbitmq_user }}
 log_file = /var/log/kolla/keystone/keystone.log
 use_stderr = True

-secure_proxy_ssl_header = HTTP_X_FORWARDED_PROTO
+[oslo_middleware]
+enable_proxy_headers_parsing = True

 [database]
 connection = mysql+pymysql://{{ keystone_database_user }}:{{ keystone_database_password }}@{{ keystone_database_address }}/{{ keystone_database_name }}