summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRyan O'Hara <rohara@redhat.com>2017-06-08 10:26:11 -0500
committerJuan Antonio Osorio Robles <jaosorior@redhat.com>2017-06-12 08:23:09 +0000
commit2606a4e66fa2802de604d56ade018119bebd79cc (patch)
tree5a74d8676e5ab591fb6893e31107a102f8a6ad24
parent1041ef2305c0261608d52ad9c727667be4e76d99 (diff)
Remove condition to match hdr(host) in haproxy redirect rule
The horizon proxy should redirect all HTTP requests to HTTPS, regardless of the 'Host' field in the header. The current rule will cause haproxy to redirect HTTP requests if the 'Host' field contains the public virtual IP address. It will not redirect if the 'Host' field contains a hostname, FQDN, etc. Change-Id: I6c8f58a30f97cdf4c668734793197ea976297733 Signed-off-by: Ryan O'Hara <rohara@redhat.com>
-rw-r--r--manifests/haproxy.pp2
1 files changed, 1 insertions, 1 deletions
diff --git a/manifests/haproxy.pp b/manifests/haproxy.pp
index 5f70647..efbfedc 100644
--- a/manifests/haproxy.pp
+++ b/manifests/haproxy.pp
@@ -769,7 +769,7 @@ class tripleo::haproxy (
'cookie' => 'SERVERID insert indirect nocache',
'rsprep' => '^Location:\ http://(.*) Location:\ https://\1',
# NOTE(jaosorior): We always redirect to https for the public_virtual_ip.
- 'redirect' => "scheme https code 301 if { hdr(host) -i ${public_virtual_ip} } !{ ssl_fc }",
+ 'redirect' => 'scheme https code 301 if !{ ssl_fc }',
'option' => [ 'forwardfor', 'httpchk' ],
'http-request' => [
'set-header X-Forwarded-Proto https if { ssl_fc }',