c92f45e3af
Current logic does not allow horizon backend to listen on https (`horizon_enable_ssl`) if external loadblanacer serves TLS (`horizon_external_ssl`). It basically forces backend to listen on plain http in this case which does not make any sense. It should be possible to enable TLS on both loadbalancer and horizon backend. Additionally, with this patch, role defines a proper HTTP_X_FORWARDED_PROTO header value(it's included in `horizon_secure_proxy_ssl_header` and `horizon_secure_proxy_ssl_header_django` and can be set to 'http' or 'https') based on whether external load balancer listens on https (`horizon_external_ssl`)[1]. For example if loadbalancer listens on https and backend on http, HTTP_X_FORWARDED_PROTO should be set to 'https'. Otherwise horizon will respond with redirection to http. [1] https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-Proto Change-Id: I7706e52c01b3f0d72ea383a0476045e606078cff |
||
|---|---|---|
| .. | ||
| 80_admin_default_panel.py.j2 | ||
| horizon_apache_ports.conf.j2 | ||
| horizon_local_settings.py.j2 | ||
| horizon-manage.py.j2 | ||
| openstack_dashboard.conf.j2 | ||