diff options
| author |   Juan Antonio Osorio Robles <jaosorior@redhat.com> | 2015-12-08 16:08:22 +0200 |
|---|---|---|
| committer | Juan Antonio Osorio Robles <jaosorior@redhat.com> | 2015-12-08 19:32:43 +0200 |
| commit | 846b4fe0b82f861c3f6c637cdc5d7d9f052e4338 (patch) | |
| tree | 2e19defb8f09535ab685706a66a26d77ad17ad3a | |
| parent | 6021323d41c19e4aac4a3f353c1de9278763b548 (diff) | |
Enable X-Forwarded-Proto header for keystone_public
One of the ways to make use of TLS in keystone is through the usage of
the X-Fowarded-Proto header, which will be forwarded with the request
by the loadbalancer, and it will tell keystone what protocol was used
to access it. This also requires configuration from the keystone side.
Change-Id: I9b899ba95e28b7dfae0c1ed84ca8431054673925
| -rw-r--r-- | manifests/loadbalancer.pp | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/manifests/loadbalancer.pp b/manifests/loadbalancer.pp index e34b01e..c4a317b 100644 --- a/manifests/loadbalancer.pp +++ b/manifests/loadbalancer.pp @@ -685,6 +685,10 @@ class tripleo::loadbalancer ( haproxy::listen { 'keystone_public': bind => $keystone_public_bind_opts, collect_exported => false, + mode => 'http', # Needed for http-request option + options => { + 'http-request' => ['set-header X-Forwarded-Proto https if { ssl_fc }'], + }, } haproxy::balancermember { 'keystone_public': listening_service => 'keystone_public', |