Project

Profile

Help

Story #4954

closed

As a user, I can restrict a Distribution to serve a particular scheme

Added by bmbouter almost 5 years ago. Updated about 2 years ago.

Status:
CLOSED - DUPLICATE
Priority:
Normal
Assignee:
-
Category:
-
Sprint/Milestone:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Platform Release:
Groomed:
No
Sprint Candidate:
No
Tags:
Sprint:
Quarter:

Description

Ticket moved to GitHub: "pulp/pulpcore/1835":https://github.com/pulp/pulpcore/issues/1835


Problem

A user wants to configure specific repositories to serve via http, others via https, and yet others via both. The use case for https is that people want security. The use case for http is that some clients may not support https.

Solution

Add a field named allowed_scheme to BaseDistribution so it's available to all subclassed Distribution types. This is a choice field that accepts one of 3 values:

http - Only serve the request if the scheme is 'http'
https - Only serve the request if the scheme is 'https'
any - Serve all requests regardless of the scheme     <----- this is the default

Use the X-Forwarded-Proto header so Pulp can know the scheme being served in cases where TLS occurs before the reverse proxy call to Pulp. If the header is not present, the current request scheme is the one assumed.

Also available in: Atom PDF