From 2606a4e66fa2802de604d56ade018119bebd79cc Mon Sep 17 00:00:00 2001
From: Ryan O'Hara <rohara@redhat.com>
Date: Thu, 8 Jun 2017 10:26:11 -0500
Subject: Remove condition to match hdr(host) in haproxy redirect rule

The horizon proxy should redirect all HTTP requests to HTTPS,
regardless of the 'Host' field in the header. The current rule will
cause haproxy to redirect HTTP requests if the 'Host' field contains
the public virtual IP address. It will not redirect if the 'Host'
field contains a hostname, FQDN, etc.

Change-Id: I6c8f58a30f97cdf4c668734793197ea976297733
Signed-off-by: Ryan O'Hara <rohara@redhat.com>
---
 manifests/haproxy.pp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'manifests/haproxy.pp')

diff --git a/manifests/haproxy.pp b/manifests/haproxy.pp
index 5f70647..efbfedc 100644
--- a/manifests/haproxy.pp
+++ b/manifests/haproxy.pp
@@ -769,7 +769,7 @@ class tripleo::haproxy (
       'cookie'       => 'SERVERID insert indirect nocache',
       'rsprep'       => '^Location:\ http://(.*) Location:\ https://\1',
       # NOTE(jaosorior): We always redirect to https for the public_virtual_ip.
-      'redirect'     => "scheme https code 301 if { hdr(host) -i ${public_virtual_ip} } !{ ssl_fc }",
+      'redirect'     => 'scheme https code 301 if !{ ssl_fc }',
       'option'       => [ 'forwardfor', 'httpchk' ],
       'http-request' => [
           'set-header X-Forwarded-Proto https if { ssl_fc }',
-- 
cgit 1.2.3-korg