From d3dd5a996dbce5e113c361c838551cf22e52bfb6 Mon Sep 17 00:00:00 2001 From: Casey Bodley Date: Mon, 22 Oct 2018 11:04:55 -0400 Subject: [PATCH] common: add config option rgw_trust_forwarded_https Signed-off-by: Casey Bodley --- doc/radosgw/config-ref.rst | 11 +++++++++++ doc/radosgw/encryption.rst | 5 +++++ src/common/legacy_config_opts.h | 1 + src/common/options.cc | 11 +++++++++++ 4 files changed, 28 insertions(+) diff --git a/doc/radosgw/config-ref.rst b/doc/radosgw/config-ref.rst index 37c9b81f746..abaeafba821 100644 --- a/doc/radosgw/config-ref.rst +++ b/doc/radosgw/config-ref.rst @@ -576,6 +576,17 @@ Swift Settings :Default: ``false`` +``rgw trust forwarded https`` + +:Description: When a proxy in front of radosgw is used for ssl termination, radosgw + does not know whether incoming http connections are secure. Enable + this option to trust the ``Forwarded`` and ``X-Forwarded-Proto`` headers + sent by the proxy when determining whether the connection is secure. + This is required for some features, such as server side encryption. +:Type: Boolean +:Default: ``false`` + + Logging Settings ================ diff --git a/doc/radosgw/encryption.rst b/doc/radosgw/encryption.rst index a7bb7e2e931..ea89e502ab0 100644 --- a/doc/radosgw/encryption.rst +++ b/doc/radosgw/encryption.rst @@ -9,6 +9,11 @@ with 3 options for the management of encryption keys. Server-side encryption means that the data is sent over HTTP in its unencrypted form, and the Ceph Object Gateway stores that data in the Ceph Storage Cluster in encrypted form. +.. note:: Requests for server-side encryption must be sent over a secure HTTPS + connection to avoid sending secrets in plaintext. If a proxy is used + for SSL termination, ``rgw trust forwarded https`` must be enabled + before forwarded requests will be trusted as secure. + Customer-Provided Keys ====================== diff --git a/src/common/legacy_config_opts.h b/src/common/legacy_config_opts.h index 0145f157597..e1d5e8458d2 100644 --- a/src/common/legacy_config_opts.h +++ b/src/common/legacy_config_opts.h @@ -1504,6 +1504,7 @@ OPTION(rgw_shard_warning_threshold, OPT_DOUBLE) // pct of safe max OPTION(rgw_swift_versioning_enabled, OPT_BOOL) // whether swift object versioning feature is enabled +OPTION(rgw_trust_forwarded_https, OPT_BOOL) // trust Forwarded and X-Forwarded-Proto headers for ssl termination OPTION(rgw_crypt_require_ssl, OPT_BOOL) // requests including encryption key headers must be sent over ssl OPTION(rgw_crypt_default_encryption_key, OPT_STR) // base64 encoded key for encryption of rgw objects OPTION(rgw_crypt_s3_kms_encryption_keys, OPT_STR) // extra keys that may be used for aws:kms diff --git a/src/common/options.cc b/src/common/options.cc index ac855ed7561..d7f325bb809 100644 --- a/src/common/options.cc +++ b/src/common/options.cc @@ -6237,6 +6237,17 @@ std::vector