:Default: ``false``
+``rgw trust forwarded https``
+
+:Description: When a proxy in front of radosgw is used for ssl termination, radosgw
+ does not know whether incoming http connections are secure. Enable
+ this option to trust the ``Forwarded`` and ``X-Forwarded-Proto`` headers
+ sent by the proxy when determining whether the connection is secure.
+ This is required for some features, such as server side encryption.
+:Type: Boolean
+:Default: ``false``
+
+
Logging Settings
================
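Review bot: the ``:Description:`` for ``rgw trust forwarded https`` does not say when it is safe to enable the option. ``Forwarded`` and ``X-Forwarded-Proto`` are ordinary request headers, so once they are trusted, any request that carries them is treated as secure unless the proxy strips or overwrites client-supplied values. Suggest adding a sentence that the option should only be enabled when radosgw is reachable solely through a proxy that sets these headers itself. It would also help to say which header wins if both are present and disagree.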
means that the data is sent over HTTP in its unencrypted form, and the Ceph
Object Gateway stores that data in the Ceph Storage Cluster in encrypted form.
+.. note:: Requests for server-side encryption must be sent over a secure HTTPS
+ connection to avoid sending secrets in plaintext. If a proxy is used
+ for SSL termination, ``rgw trust forwarded https`` must be enabled
+ before forwarded requests will be trusted as secure.
+
Customer-Provided Keys
======================
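Review bot: the first sentence of the new note says HTTPS is required "to avoid sending secrets in plaintext", but in the SSL-termination case the second sentence describes, the hop from the proxy to radosgw is plain http, so the key headers do cross that link unencrypted. Suggest saying so explicitly and stating that the proxy-to-radosgw link has to be on a trusted network. It would also help to name ``rgw_crypt_require_ssl`` here as the setting that enforces the requirement, so a reader who hits the rejection can find both options.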
OPTION(rgw_swift_versioning_enabled, OPT_BOOL) // whether swift object versioning feature is enabled
+OPTION(rgw_trust_forwarded_https, OPT_BOOL) // trust Forwarded and X-Forwarded-Proto headers for ssl termination
OPTION(rgw_crypt_require_ssl, OPT_BOOL) // requests including encryption key headers must be sent over ssl
OPTION(rgw_crypt_default_encryption_key, OPT_STR) // base64 encoded key for encryption of rgw objects
OPTION(rgw_crypt_s3_kms_encryption_keys, OPT_STR) // extra keys that may be used for aws:kms
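Review bot: style point on the comment of the new ``rgw_trust_forwarded_https`` line: "for ssl termination" does not say who sends the headers or what decision they feed. Wording along the lines of "trust Forwarded and X-Forwarded-Proto headers from an ssl-terminating proxy when deciding if a request is secure" would make the line readable without the docs. Placement directly above ``rgw_crypt_require_ssl`` is good.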
.set_default(120)
.set_description(""),
+ Option("rgw_trust_forwarded_https", Option::TYPE_BOOL, Option::LEVEL_ADVANCED)
+ .set_default(false)
+ .set_description("Trust Forwarded and X-Forwarded-Proto headers")
+ .set_long_description(
+ "When a proxy in front of radosgw is used for ssl termination, radosgw "
+ "does not know whether incoming http connections are secure. Enable "
+ "this option to trust the Forwarded and X-Forwarded-Proto headers sent "
+ "by the proxy when determining whether the connection is secure. This "
+ "is required for some features, such as server side encryption.")
+ .add_see_also("rgw_crypt_require_ssl"),
+
Option("rgw_crypt_require_ssl", Option::TYPE_BOOL, Option::LEVEL_ADVANCED)
.set_default(true)
.set_description("Requests including encryption key headers must be sent over ssl"),
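Review bot: the cross-reference is one-way. The new option has ``.add_see_also("rgw_crypt_require_ssl")``, but the ``rgw_crypt_require_ssl`` entry right below still ends at ``.set_description(...)`` with no pointer back. An operator who looks up ``rgw_crypt_require_ssl`` after a rejected request behind a proxy is the one who needs to discover ``rgw_trust_forwarded_https``, so please add ``.add_see_also("rgw_trust_forwarded_https")`` there. Separately, the ``set_long_description`` text repeats the config-ref wording without saying that the headers are only trustworthy when the proxy sets them itself; if that caveat goes into the docs, mirror it here.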