Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add ability for HTTP access to horizon
Horizon has, since OSA's inception, been deployed with HTTPS access enabled, and has had no way to turn it off. Some use-cases may want to access via HTTP instead, so this patch enables the following: 1. Listen via HTTPS on a load balancer, but via HTTP on the horizon host and have the load balancer forward the correct headers. It will do this by default in the integrated build due to the presence of the load balancer, so the current behaviour is retained. 2. Enable HTTPS on the horizon host without a load balancer. This is the role's default behaviour which matches what it always has been. 3. Disable HTTPS entirely by setting ``haproxy_ssl: no`` (which will also disable https on haproxy. This setting is inherited by the new ``horizon_enable_ssl`` variable by default. This is a new option. Co-Authored-By: Jesse Pretorius <jesse.pretorius@rackspace.co.uk> Change-Id: I823f2f949258157e306dbf80570abe53373da0c3 Closes-Bug: 1794337 (cherry picked from commit 4283200)
- Loading branch information
Showing
6 changed files
with
69 additions
and
14 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
22 changes: 22 additions & 0 deletions
22
releasenotes/notes/http-access-horizon-94c27a0aadb9f1b4.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
--- | ||
features: | ||
- | | ||
Horizon has, since OSA's inception, been deployed with HTTPS | ||
access enabled, and has had no way to turn it off. Some use-cases | ||
may want to access via HTTP instead, so this patch enables | ||
the following. | ||
* Listen via HTTPS on a load balancer, but via HTTP on the | ||
horizon host and have the load balancer forward the correct | ||
headers. It will do this by default in the integrated build | ||
due to the presence of the load balancer, so the current | ||
behaviour is retained. | ||
* Enable HTTPS on the horizon host without a load balancer. | ||
This is the role's default behaviour which matches what it | ||
always has been. | ||
* Disable HTTPS entirely by setting ``haproxy_ssl: no`` (which | ||
will also disable https on haproxy. This setting is inherited | ||
by the new ``horizon_enable_ssl`` variable by default. This | ||
is a new option. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters