HAproxy / Horizon: keep header proto if using SSL in binding

If using SSL forwarding for Horizon endpoint, keep the HTTPS in headers with "X-Forwarded-Proto" parameter, using is-ssl ACL. Closes-bug #520
2014-06-26 00:15:44 +02:00 · 2014-06-26 00:15:44 +02:00 · 3b90a496fb
commit 3b90a496fb
parent 58fdc7dae6
2 changed files with 9 additions and 1 deletions
--- a/manifests/loadbalancer.pp
+++ b/manifests/loadbalancer.pp
@ -245,9 +245,16 @@ class cloud::loadbalancer(
      'balance' => 'leastconn' }
  } else {
    $horizon_httpchk = "httpchk GET  /${horizon_auth_url}  \"HTTP/1.0\\r\\nUser-Agent: HAproxy-${::hostname}\""
-    $horizon_options = {
+    if 'ssl' in $horizon_bind_options {
+      $horizon_options = {
+      'cookie'  => 'sessionid prefix',
+      'reqadd'  => 'X-Forwarded-Proto:\ https if { ssl_fc }',
+      'balance' => 'leastconn' }
+    } else {
+      $horizon_options = {
      'cookie'  => 'sessionid prefix',
      'balance' => 'leastconn' }
+    }
  }
  if $horizon_ssl_port {
    warning('horizon_ssl_port parameter is deprecated. Specify port with the horizon_port instead.')
--- a/spec/classes/cloud_loadbalancer_spec.rb
+++ b/spec/classes/cloud_loadbalancer_spec.rb
@ -393,6 +393,7 @@ describe 'cloud::loadbalancer' do
          'option'         => ["tcpka", "forwardfor", "tcplog", "httpchk GET  /  \"HTTP/1.0\\r\\nUser-Agent: HAproxy-myhost\""],
          'cookie'         => 'sessionid prefix',
          'balance'        => 'leastconn',
+          'reqadd'         => 'X-Forwarded-Proto:\ https if { ssl_fc }'
        },
        :bind_options => ['ssl', 'crt']
      )}