aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGraeme Gillies <ggillies@redhat.com>2016-08-24 11:32:09 +1000
committerGraeme Gillies <ggillies@redhat.com>2016-08-24 11:35:03 +1000
commitb7fe58567704920a819128d43a8aa38807ebba9a (patch)
treecf8b23cd4cbae4a1c737f2e5ba79d67171983797
parent8f8860c0343b49b50b3d0259b9c4a859f5d81cc3 (diff)
Added X-Forwarded-Proto headers for horizon
When enabling federated authentication with keystone, and then enabling websso in horizon, the URL horizon constructs for the redirect is done internally, and django needs to be able to know if it has to construct the url with http or https. By setting this header at the haproxy level, horizon can make the correct decision. Change-Id: I0281fe1e5efa0d3f5983342dec70752246d9fca8
-rw-r--r--manifests/haproxy.pp11
1 files changed, 7 insertions, 4 deletions
diff --git a/manifests/haproxy.pp b/manifests/haproxy.pp
index e2b2cc9..e72d915 100644
--- a/manifests/haproxy.pp
+++ b/manifests/haproxy.pp
@@ -414,11 +414,14 @@ class tripleo::haproxy (
"${public_virtual_ip}:443" => union($haproxy_listen_bind_param, ['ssl', 'crt', $service_certificate]),
}
$horizon_options = {
- 'cookie' => 'SERVERID insert indirect nocache',
- 'rsprep' => '^Location:\ http://(.*) Location:\ https://\1',
+ 'cookie' => 'SERVERID insert indirect nocache',
+ 'rsprep' => '^Location:\ http://(.*) Location:\ https://\1',
# NOTE(jaosorior): We always redirect to https for the public_virtual_ip.
- 'redirect' => "scheme https code 301 if { hdr(host) -i ${public_virtual_ip} } !{ ssl_fc }",
- 'option' => 'forwardfor',
+ 'redirect' => "scheme https code 301 if { hdr(host) -i ${public_virtual_ip} } !{ ssl_fc }",
+ 'option' => 'forwardfor',
+ 'http-request' => [
+ 'set-header X-Forwarded-Proto https if { ssl_fc }',
+ 'set-header X-Forwarded-Proto http if !{ ssl_fc }'],
}
} else {
$horizon_bind_opts = {