Ceph RADOS Gateway Charm

  1. Bug #2021560
  2. Comment #5

Comment 5 for bug 2021560

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to charm-ceph-radosgw (master)

Reviewed: https://review.opendev.org/c/openstack/charm-ceph-radosgw/+/884797
Committed: https://opendev.org/openstack/charm-ceph-radosgw/commit/541ceec4018e311cef1517a62eefa28cd53bc162
Submitter: "Zuul (22348)"
Branch: master

commit 541ceec4018e311cef1517a62eefa28cd53bc162
Author: Samuel Walladge <email address hidden>
Date: Wed May 31 12:23:11 2023 +0930

    Enable rgw trust forwarded https when https proxy

    This option is required for server-side encryption to be allowed
    if radosgw is behind a reverse proxy,
    such as here when certificates are configured and apache2 is running.

    ref. https://docs.ceph.com/en/latest/radosgw/encryption/

    It is safe to always enable when https is configured in the charm,
    because it will be securely behind the reverse proxy in the unit.
    This option must not be enabled when https is not configured in the charm,
    because this would allow clients to spoof headers.

    Closes-Bug: #2021560
    Change-Id: I940f9b2f424a3d98936b5f185bf8f87b71091317