Pass X-Forwarded-Proto for missing services

author Juan Antonio Osorio Robles <jaosorior@redhat.com>

Tue, 8 Nov 2016 11:22:13 +0000 (13:22 +0200)

committer Juan Antonio Osorio Robles <jaosorior@redhat.com>

Tue, 8 Nov 2016 11:22:13 +0000 (13:22 +0200)
author Juan Antonio Osorio Robles <jaosorior@redhat.com>
Tue, 8 Nov 2016 11:22:13 +0000 (13:22 +0200)
committer Juan Antonio Osorio Robles <jaosorior@redhat.com>
Tue, 8 Nov 2016 11:22:13 +0000 (13:22 +0200)
diff --git a/manifests/haproxy.pp b/manifests/haproxy.pp

index 7c5ff39..28bd896 100644 (file)
--- a/manifests/haproxy.pp
+++ b/manifests/haproxy.pp
@@ -773,6 +773,11 @@ class tripleo::haproxy (
        service_port      => $ports[neutron_api_port],
        ip_addresses      => hiera('neutron_api_node_ips', $controller_hosts_real),
        server_names      => hiera('neutron_api_node_names', $controller_hosts_names_real),
+      listen_options    => {
+          'http-request' => [
+            'set-header X-Forwarded-Proto https if { ssl_fc }',
+            'set-header X-Forwarded-Proto http if !{ ssl_fc }'],
+      },
        public_ssl_port   => $ports[neutron_api_ssl_port],
        service_network   => $neutron_network,
      }
@@ -917,6 +922,11 @@ class tripleo::haproxy (
        service_port      => $ports[ceilometer_api_port],
        ip_addresses      => hiera('ceilometer_api_node_ips', $controller_hosts_real),
        server_names      => hiera('ceilometer_api_node_names', $controller_hosts_names_real),
+      listen_options    => {
+          'http-request' => [
+            'set-header X-Forwarded-Proto https if { ssl_fc }',
+            'set-header X-Forwarded-Proto http if !{ ssl_fc }'],
+      },
        public_ssl_port   => $ports[ceilometer_api_ssl_port],
        service_network   => $ceilometer_network,
        member_options    => union($haproxy_member_options, $internal_tls_member_options),
@@ -930,6 +940,11 @@ class tripleo::haproxy (
        service_port      => $ports[aodh_api_port],
        ip_addresses      => hiera('aodh_api_node_ips', $controller_hosts_real),
        server_names      => hiera('aodh_api_node_names', $controller_hosts_names_real),
+      listen_options    => {
+          'http-request' => [
+            'set-header X-Forwarded-Proto https if { ssl_fc }',
+            'set-header X-Forwarded-Proto http if !{ ssl_fc }'],
+      },
        public_ssl_port   => $ports[aodh_api_ssl_port],
        service_network   => $aodh_network,
        member_options    => union($haproxy_member_options, $internal_tls_member_options),
@@ -955,6 +970,11 @@ class tripleo::haproxy (
        service_port      => $ports[gnocchi_api_port],
        ip_addresses      => hiera('gnocchi_api_node_ips', $controller_hosts_real),
        server_names      => hiera('gnocchi_api_node_names', $controller_hosts_names_real),
+      listen_options    => {
+          'http-request' => [
+            'set-header X-Forwarded-Proto https if { ssl_fc }',
+            'set-header X-Forwarded-Proto http if !{ ssl_fc }'],
+      },
        public_ssl_port   => $ports[gnocchi_api_ssl_port],
        service_network   => $gnocchi_network,
      }
author	Juan Antonio Osorio Robles <jaosorior@redhat.com>
	Tue, 8 Nov 2016 11:22:13 +0000 (13:22 +0200)
committer	Juan Antonio Osorio Robles <jaosorior@redhat.com>
	Tue, 8 Nov 2016 11:22:13 +0000 (13:22 +0200)