summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJuan Antonio Osorio Robles <jaosorior@redhat.com>2016-11-08 13:22:13 +0200
committerJuan Antonio Osorio Robles <jaosorior@redhat.com>2016-11-08 13:22:13 +0200
commit005bf64e4a4f7ef1de161ebe6363d7f5369028e4 (patch)
tree77168aa13fec44d1ff0f059bc3f7e6dbcdd0b410
parent8a4fc9c18e8ebfccc7f5bd0c4820c87bebd61d31 (diff)
Pass X-Forwarded-Proto for missing services
aodh, ceilometer, gnocchi and neutron need the X-Forwarded-Proto in order to return links with the correct protocol when SSL is enabled. This enables it in HAProxy Change-Id: Icceab92f86b1cc40d42195fa4ba0c75f302795b8 Closes-Bug: #1640126
-rw-r--r--manifests/haproxy.pp20
1 files changed, 20 insertions, 0 deletions
diff --git a/manifests/haproxy.pp b/manifests/haproxy.pp
index 7c5ff39..28bd896 100644
--- a/manifests/haproxy.pp
+++ b/manifests/haproxy.pp
@@ -773,6 +773,11 @@ class tripleo::haproxy (
service_port => $ports[neutron_api_port],
ip_addresses => hiera('neutron_api_node_ips', $controller_hosts_real),
server_names => hiera('neutron_api_node_names', $controller_hosts_names_real),
+ listen_options => {
+ 'http-request' => [
+ 'set-header X-Forwarded-Proto https if { ssl_fc }',
+ 'set-header X-Forwarded-Proto http if !{ ssl_fc }'],
+ },
public_ssl_port => $ports[neutron_api_ssl_port],
service_network => $neutron_network,
}
@@ -917,6 +922,11 @@ class tripleo::haproxy (
service_port => $ports[ceilometer_api_port],
ip_addresses => hiera('ceilometer_api_node_ips', $controller_hosts_real),
server_names => hiera('ceilometer_api_node_names', $controller_hosts_names_real),
+ listen_options => {
+ 'http-request' => [
+ 'set-header X-Forwarded-Proto https if { ssl_fc }',
+ 'set-header X-Forwarded-Proto http if !{ ssl_fc }'],
+ },
public_ssl_port => $ports[ceilometer_api_ssl_port],
service_network => $ceilometer_network,
member_options => union($haproxy_member_options, $internal_tls_member_options),
@@ -930,6 +940,11 @@ class tripleo::haproxy (
service_port => $ports[aodh_api_port],
ip_addresses => hiera('aodh_api_node_ips', $controller_hosts_real),
server_names => hiera('aodh_api_node_names', $controller_hosts_names_real),
+ listen_options => {
+ 'http-request' => [
+ 'set-header X-Forwarded-Proto https if { ssl_fc }',
+ 'set-header X-Forwarded-Proto http if !{ ssl_fc }'],
+ },
public_ssl_port => $ports[aodh_api_ssl_port],
service_network => $aodh_network,
member_options => union($haproxy_member_options, $internal_tls_member_options),
@@ -955,6 +970,11 @@ class tripleo::haproxy (
service_port => $ports[gnocchi_api_port],
ip_addresses => hiera('gnocchi_api_node_ips', $controller_hosts_real),
server_names => hiera('gnocchi_api_node_names', $controller_hosts_names_real),
+ listen_options => {
+ 'http-request' => [
+ 'set-header X-Forwarded-Proto https if { ssl_fc }',
+ 'set-header X-Forwarded-Proto http if !{ ssl_fc }'],
+ },
public_ssl_port => $ports[gnocchi_api_ssl_port],
service_network => $gnocchi_network,
}