diff options
author | Ryan O'Hara <rohara@redhat.com> | 2017-06-08 10:26:11 -0500 |
---|---|---|
committer | Juan Antonio Osorio Robles <jaosorior@redhat.com> | 2017-06-12 08:23:09 +0000 |
commit | 2606a4e66fa2802de604d56ade018119bebd79cc (patch) | |
tree | 5a74d8676e5ab591fb6893e31107a102f8a6ad24 /manifests | |
parent | 1041ef2305c0261608d52ad9c727667be4e76d99 (diff) |
Remove condition to match hdr(host) in haproxy redirect rule
The horizon proxy should redirect all HTTP requests to HTTPS,
regardless of the 'Host' field in the header. The current rule will
cause haproxy to redirect HTTP requests if the 'Host' field contains
the public virtual IP address. It will not redirect if the 'Host'
field contains a hostname, FQDN, etc.
Change-Id: I6c8f58a30f97cdf4c668734793197ea976297733
Signed-off-by: Ryan O'Hara <rohara@redhat.com>
Diffstat (limited to 'manifests')
-rw-r--r-- | manifests/haproxy.pp | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/manifests/haproxy.pp b/manifests/haproxy.pp index 5f70647..efbfedc 100644 --- a/manifests/haproxy.pp +++ b/manifests/haproxy.pp @@ -769,7 +769,7 @@ class tripleo::haproxy ( 'cookie' => 'SERVERID insert indirect nocache', 'rsprep' => '^Location:\ http://(.*) Location:\ https://\1', # NOTE(jaosorior): We always redirect to https for the public_virtual_ip. - 'redirect' => "scheme https code 301 if { hdr(host) -i ${public_virtual_ip} } !{ ssl_fc }", + 'redirect' => 'scheme https code 301 if !{ ssl_fc }', 'option' => [ 'forwardfor', 'httpchk' ], 'http-request' => [ 'set-header X-Forwarded-Proto https if { ssl_fc }', |