diff options
author | Ben Nemec <bnemec@redhat.com> | 2016-01-15 18:45:11 +0000 |
---|---|---|
committer | Ben Nemec <bnemec@redhat.com> | 2016-02-11 17:30:28 +0000 |
commit | 55b24a306d8ab6f71fa2b82f49d928dc72f8a3b0 (patch) | |
tree | aec824d11b9c310df72e959876e422f4233ceaca | |
parent | 86d9064317ff6ae1a50bfbebd146d14370dad57b (diff) |
Handle redirects for Horizon
As for Heat, we need to be able to handle 30X redirects from Horizon
when configured to use SSL. Because Horizon's redirects are
handled directly by Apache, we can't use middleware to handle the
X-Forwarded-Proto header like we are planning to do for the other
services. However, in this case we don't need to worry about
rewriting urls in the payload like we do for the other services
because Horizon is just serving standard web pages, not custom
HTTP bodies with JSON contents.
One other change from the previous Heat patch is to drop the IP
from the rewrite regex. This is because Horizon will generally be
accessed via a DNS name, so the IP won't appear in the Location
header. The heat regex should probably be changed as well since
we now support registering endpoints with DNS names, but since we
plan to move all the other services to the X-Forwarded-Proto header
middleware anyway we can probably just wait until that happens and
then remove the Heat rule entirely.
Change-Id: I039a3036be17eeabe3cff68e0ef24f70907cc568
-rw-r--r-- | manifests/loadbalancer.pp | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/manifests/loadbalancer.pp b/manifests/loadbalancer.pp index a37ecff..f883264 100644 --- a/manifests/loadbalancer.pp +++ b/manifests/loadbalancer.pp @@ -758,11 +758,18 @@ class tripleo::loadbalancer ( "${horizon_vip}:80" => $haproxy_listen_bind_param, "${public_virtual_ip}:443" => union($haproxy_listen_bind_param, ['ssl', 'crt', $horizon_bind_certificate]), } + $horizon_options = { + 'cookie' => 'SERVERID insert indirect nocache', + 'rsprep' => '^Location:\ http://(.*) Location:\ https://\1', + } } else { $horizon_bind_opts = { "${horizon_vip}:80" => $haproxy_listen_bind_param, "${public_virtual_ip}:80" => $haproxy_listen_bind_param, } + $horizon_options = { + 'cookie' => 'SERVERID insert indirect nocache', + } } $ironic_api_vip = hiera('ironic_api_vip', $controller_virtual_ip) @@ -1131,9 +1138,7 @@ class tripleo::loadbalancer ( if $horizon { haproxy::listen { 'horizon': bind => $horizon_bind_opts, - options => { - 'cookie' => 'SERVERID insert indirect nocache', - }, + options => $horizon_options, mode => 'http', collect_exported => false, } |