From c0f6c6d4ebf85616e7c41c25fa34f85dfdd38a18 Mon Sep 17 00:00:00 2001
From: Oliver Walsh
Date: Mon, 9 Dec 2024 15:39:32 +0000
Subject: [PATCH] [httpd] Use absolute url with schema in redirect rule

Use the endpoint in the redirect rule to ensure it references the correct base url and schema which can be different to the current schema when TLS is terminated at the route
Added horizonEndpoint template param with the full url, renamed the incorrectly named horizonEndpointUrl to horizonEndpointHost.
Jira: OSPRH-12005
---
 controllers/horizon_controller.go | 17 +++++++++--------
 templates/horizon/config/httpd.conf | 2 +-
 templates/horizon/config/local_settings.py | 14 +++++++++++---
 3 files changed, 21 insertions(+), 12 deletions(-)
diff --git a/controllers/horizon_controller.go b/controllers/horizon_controller.go
index a33da35a..4a7db03a 100644
--- a/controllers/horizon_controller.go
+++ b/controllers/horizon_controller.go
@@ -888,14 +888,15 @@ func (r *HorizonReconciler) generateServiceConfigMaps(
 }
 templateParameters := map[string]interface{}{
- "keystoneURL": authURL,
- "horizonEndpointUrl": url.Host,
- "memcachedServers": mc.GetMemcachedServerListQuotedString(),
- "memcachedTLS": mc.GetMemcachedTLSSupport(),
- "ServerName": fmt.Sprintf("%s.%s.svc", horizon.ServiceName, instance.Namespace),
- "Port": horizon.HorizonPort,
- "TLS": false,
- "isPublicHTTPS": url.Scheme == "https",
+ "keystoneURL": authURL,
+ "horizonEndpoint": instance.Status.Endpoint,
+ "horizonEndpointHost": url.Host,
+ "memcachedServers": mc.GetMemcachedServerListQuotedString(),
+ "memcachedTLS": mc.GetMemcachedTLSSupport(),
+ "ServerName": fmt.Sprintf("%s.%s.svc", horizon.ServiceName, instance.Namespace),
+ "Port": horizon.HorizonPort,
+ "TLS": false,
+ "isPublicHTTPS": url.Scheme == "https",
 }
 // create httpd tls template parameters
diff --git a/templates/horizon/config/httpd.conf b/templates/horizon/config/httpd.conf
index 58d38dac..31e49a6c 100644
--- a/templates/horizon/config/httpd.conf
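Review bot: `"horizonEndpointHost": url.Host` still passes Go's `Host` field, which is `host:port` whenever the endpoint carries an explicit port, so the renamed parameter is not guaranteed to be a bare hostname. In the local_settings.py hunk that value becomes both the address in `hostport` and an `ALLOWED_HOSTS` entry; a `host:port` string would fail name resolution in `get_pod_ip()` and would never match, because Django compares `ALLOWED_HOSTS` against the request host with the port removed. Assuming `url` is a parsed `*url.URL` (its declaration is outside the hunk), `"horizonEndpointHost": url.Hostname(),` covers both uses. The enclosing function starts and ends outside the hunk.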
+++ b/templates/horizon/config/httpd.conf
@@ -57,7 +57,7 @@ LogLevel debug
 CustomLog /dev/stdout "%a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" env=forwarded
 ## RedirectMatch rules
- RedirectMatch permanent ^/$ /dashboard
+ RedirectMatch permanent ^/$ "{{ .horizonEndpoint }}/dashboard"
 ## WSGI configuration
 WSGIApplicationGroup %{GLOBAL}
diff --git a/templates/horizon/config/local_settings.py b/templates/horizon/config/local_settings.py
index 207a2cb6..6ad41bf8 100644
--- a/templates/horizon/config/local_settings.py
+++ b/templates/horizon/config/local_settings.py
@@ -64,18 +64,26 @@ def get_pod_ip():
 import socket
 s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
+ hostport = (
+ "{{ .horizonEndpointHost }}",
+ {{- if .isPublicHTTPS }}
+ 443
+ {{- else }}
+ 80
+ {{- end }}
+ )
 try:
- s.connect(("{{ .horizonEndpointUrl }}", 80))
+ s.connect(hostport)
 return s.getsockname()[0]
 except socket.gaierror:
 s.close()
 s = socket.socket(socket.AF_INET6, socket.SOCK_DGRAM)
- s.connect(("{{ .horizonEndpointUrl }}", 80))
+ s.connect(hostport)
 return "[{}]".format(s.getsockname()[0])
 finally:
 s.close()
-ALLOWED_HOSTS = [get_pod_ip(), "{{ .horizonEndpointUrl }}"]
+ALLOWED_HOSTS = [get_pod_ip(), "{{ .horizonEndpointHost }}"]
 USE_X_FORWARDED_HOST = True
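Review bot: `{{ .horizonEndpoint }}` is written into the quoted `RedirectMatch` target as-is, so the redirect is only as well-formed as `instance.Status.Endpoint` was when the config was rendered. An empty status degrades to the old relative `"/dashboard"`, but a trailing slash on the endpoint produces a doubled slash, and a quote or whitespace in the value would break the directive; if these templates are rendered with text/template (not visible here), nothing escapes it. Since the controller already parses the endpoint to get `url.Scheme` and `url.Host`, passing a value rebuilt from the parsed URL, e.g. `url.Scheme + "://" + url.Host`, would keep the three parameters consistent and normalised. Note also that `permanent` responses are cached by browsers, so with an absolute target a later endpoint change leaves returning clients redirected to the previous host.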
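Review bot: The second `s.connect(hostport)` sits inside the `except socket.gaierror:` branch with no handler of its own, so an endpoint host that resolves over neither address family raises while the settings module is being imported. `get_pod_ip()` is called while building `ALLOWED_HOSTS`, which means a DNS problem for the public endpoint inside the pod stops Horizon from starting rather than just dropping the pod IP from the list. A comment above `hostport` such as `# resolved at settings import; the endpoint host must be resolvable from inside the pod` would at least record that dependency. The port chosen from `isPublicHTTPS` only selects a route for the UDP socket, and the function definition itself begins outside the hunk.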