4283200534
Horizon has, since OSA's inception, been deployed with HTTPS access enabled, and has had no way to turn it off. Some use-cases may want to access via HTTP instead, so this patch enables the following: 1. Listen via HTTPS on a load balancer, but via HTTP on the horizon host and have the load balancer forward the correct headers. It will do this by default in the integrated build due to the presence of the load balancer, so the current behaviour is retained. 2. Enable HTTPS on the horizon host without a load balancer. This is the role's default behaviour which matches what it always has been. 3. Disable HTTPS entirely by setting ``haproxy_ssl: no`` (which will also disable https on haproxy. This setting is inherited by the new ``horizon_enable_ssl`` variable by default. This is a new option. Co-Authored-By: Jesse Pretorius <jesse.pretorius@rackspace.co.uk> Change-Id: I823f2f949258157e306dbf80570abe53373da0c3 Closes-Bug: 1794337
23 lines
903 B
YAML
23 lines
903 B
YAML
---
|
|
features:
|
|
- |
|
|
Horizon has, since OSA's inception, been deployed with HTTPS
|
|
access enabled, and has had no way to turn it off. Some use-cases
|
|
may want to access via HTTP instead, so this patch enables
|
|
the following.
|
|
|
|
* Listen via HTTPS on a load balancer, but via HTTP on the
|
|
horizon host and have the load balancer forward the correct
|
|
headers. It will do this by default in the integrated build
|
|
due to the presence of the load balancer, so the current
|
|
behaviour is retained.
|
|
|
|
* Enable HTTPS on the horizon host without a load balancer.
|
|
This is the role's default behaviour which matches what it
|
|
always has been.
|
|
|
|
* Disable HTTPS entirely by setting ``haproxy_ssl: no`` (which
|
|
will also disable https on haproxy. This setting is inherited
|
|
by the new ``horizon_enable_ssl`` variable by default. This
|
|
is a new option.
|