Enable X-Forwarded-Proto header for keystone_public

One of the ways to make use of TLS in keystone is through the usage of the X-Fowarded-Proto header, which will be forwarded with the request by the loadbalancer, and it will tell keystone what protocol was used to access it. This also requires configuration from the keystone side. Change-Id: I9b899ba95e28b7dfae0c1ed84ca8431054673925
author: Juan Antonio Osorio Robles <jaosorior@redhat.com> 2015-12-08 16:08:22 +0200
committer: Juan Antonio Osorio Robles <jaosorior@redhat.com> 2015-12-08 19:32:43 +0200
commit: 846b4fe0b82f861c3f6c637cdc5d7d9f052e4338 (patch)
tree: 2e19defb8f09535ab685706a66a26d77ad17ad3a /manifests
parent: 6021323d41c19e4aac4a3f353c1de9278763b548 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/manifests/loadbalancer.pp b/manifests/loadbalancer.pp
index e34b01e..c4a317b 100644
--- a/manifests/loadbalancer.pp
+++ b/manifests/loadbalancer.pp
@@ -685,6 +685,10 @@ class tripleo::loadbalancer (
     haproxy::listen { 'keystone_public':
       bind             => $keystone_public_bind_opts,
       collect_exported => false,
+      mode             => 'http', # Needed for http-request option
+      options          => {
+          'http-request' => ['set-header X-Forwarded-Proto https if { ssl_fc }'],
+      },
     }
     haproxy::balancermember { 'keystone_public':
       listening_service => 'keystone_public',
author	Juan Antonio Osorio Robles <jaosorior@redhat.com>	2015-12-08 16:08:22 +0200
committer	Juan Antonio Osorio Robles <jaosorior@redhat.com>	2015-12-08 19:32:43 +0200
commit	846b4fe0b82f861c3f6c637cdc5d7d9f052e4338 (patch)
tree	2e19defb8f09535ab685706a66a26d77ad17ad3a /manifests
parent	6021323d41c19e4aac4a3f353c1de9278763b548 (diff)