author | Jenkins <jenkins@review.openstack.org> | 2017-06-16 21:43:25 +0000 |
---|---|---|
committer | Gerrit Code Review <review@openstack.org> | 2017-06-16 21:43:26 +0000 |
commit | bb7e1829f683ca1cac2034ce0b450c0f7ce483ed (patch) | |
tree | 941a5da1d905c3fcd595f0ddec07466de3d29ddb /manifests/haproxy | |
parent | b4ace4f298c6d1435f3b7b95791788571e905ef8 (diff) | |
parent | 192463755bb599b8879c09a97cf731dad0cde6a0 (diff) |
Merge "For http service endpoints always redirect to https"
Diffstat (limited to 'manifests/haproxy')
-rw-r--r-- | manifests/haproxy/endpoint.pp | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/manifests/haproxy/endpoint.pp b/manifests/haproxy/endpoint.pp
index 16e0bd1..f1e80e8 100644
--- a/manifests/haproxy/endpoint.pp
+++ b/manifests/haproxy/endpoint.pp
@@ -108,9 +108,20 @@ define tripleo::haproxy::endpoint (
 # service exposed to the public network
 if $public_certificate {
+ if $mode == 'http' {
+ $tls_listen_options = {
+ 'rsprep' => '^Location:\ http://(.*) Location:\ https://\1',
+ 'redirect' => "scheme https code 301 if { hdr(host) -i ${public_virtual_ip} } !{ ssl_fc }",
+ 'option' => 'forwardfor',
+ }
+ $listen_options_real = merge($tls_listen_options, $listen_options)
+ } else {
+ $listen_options_real = $listen_options
+ }
 $public_bind_opts = list_to_hash(suffix(any2array($public_virtual_ip), ":${public_ssl_port}"), union($haproxy_listen_bind_param, ['ssl', 'crt', $public_certificate]))
 } else {
+ $listen_options_real = $listen_options
 $public_bind_opts = list_to_hash(suffix(any2array($public_virtual_ip), ":${service_port}"), $haproxy_listen_bind_param)
 }
 } else {
@@ -138,7 +149,7 @@ define tripleo::haproxy::endpoint (
 bind => $bind_opts,
 collect_exported => false,
 mode => $mode,
- options => $listen_options,
+ options => $listen_options_real,
 }
 haproxy::balancermember { "${name}":
 listening_service => $name, |
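Review bot: The forced-HTTPS settings in `$tls_listen_options` can be silently dropped, because `merge($tls_listen_options, $listen_options)` gives the right-hand hash precedence: a caller whose `$listen_options` already carries a `redirect`, `rsprep` or `option` key replaces the TLS entry outright, so the endpoint can end up without the redirect or without `forwardfor`. If caller overrides are intended, say so next to the merge with a comment such as `# caller-supplied listen_options override the TLS redirect defaults`; otherwise fail on a clashing `redirect`/`rsprep` key and combine the `option` values instead of replacing them. The redirect condition also matches only when the Host header equals `${public_virtual_ip}`, so requests addressed by hostname would presumably not be redirected, and the `any2array($public_virtual_ip)` on the bind line suggests the value may be an array, which would not interpolate into a usable ACL; both are worth confirming against the callers. The enclosing `define` starts and ends outside this hunk.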