diff options
| author |   Jenkins <jenkins@review.openstack.org> | 2016-10-03 06:30:41 +0000 |
|---|---|---|
| committer |   Gerrit Code Review <review@openstack.org> | 2016-10-03 06:30:41 +0000 |
| commit | 675cb627fec54732c5db4006788931d741dd79e2 (patch) | |
| tree | 3ce2fad989b3b80334109859a9d02966c39fee2b | |
| parent | 1e26963bef085c7ec16b342594da6286235fe7da (diff) | |
| parent | b7fe58567704920a819128d43a8aa38807ebba9a (diff) | |
Merge "Added X-Forwarded-Proto headers for horizon"
| -rw-r--r-- | manifests/haproxy.pp | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/manifests/haproxy.pp b/manifests/haproxy.pp index 6a81731..2cac604 100644 --- a/manifests/haproxy.pp +++ b/manifests/haproxy.pp @@ -439,11 +439,14 @@ class tripleo::haproxy ( "${public_virtual_ip}:443" => union($haproxy_listen_bind_param, ['ssl', 'crt', $service_certificate]), } $horizon_options = { - 'cookie' => 'SERVERID insert indirect nocache', - 'rsprep' => '^Location:\ http://(.*) Location:\ https://\1', + 'cookie' => 'SERVERID insert indirect nocache', + 'rsprep' => '^Location:\ http://(.*) Location:\ https://\1', # NOTE(jaosorior): We always redirect to https for the public_virtual_ip. - 'redirect' => "scheme https code 301 if { hdr(host) -i ${public_virtual_ip} } !{ ssl_fc }", - 'option' => 'forwardfor', + 'redirect' => "scheme https code 301 if { hdr(host) -i ${public_virtual_ip} } !{ ssl_fc }", + 'option' => 'forwardfor', + 'http-request' => [ + 'set-header X-Forwarded-Proto https if { ssl_fc }', + 'set-header X-Forwarded-Proto http if !{ ssl_fc }'], } } else { $horizon_bind_opts = { |