From 3b90a496fbcb382cc5a7e46200b1dc5bfdc821db Mon Sep 17 00:00:00 2001 From: Emilien Macchi Date: Thu, 26 Jun 2014 00:15:44 +0200 Subject: [PATCH] HAproxy / Horizon: keep header proto if using SSL in binding If using SSL forwarding for Horizon endpoint, keep the HTTPS in headers with "X-Forwarded-Proto" parameter, using is-ssl ACL. Closes-bug #520 --- manifests/loadbalancer.pp | 9 ++++++++- spec/classes/cloud_loadbalancer_spec.rb | 1 + 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/manifests/loadbalancer.pp b/manifests/loadbalancer.pp index ba3c64b1..ae25cb5d 100644 --- a/manifests/loadbalancer.pp +++ b/manifests/loadbalancer.pp @@ -245,9 +245,16 @@ class cloud::loadbalancer( 'balance' => 'leastconn' } } else { $horizon_httpchk = "httpchk GET /${horizon_auth_url} \"HTTP/1.0\\r\\nUser-Agent: HAproxy-${::hostname}\"" - $horizon_options = { + if 'ssl' in $horizon_bind_options { + $horizon_options = { + 'cookie' => 'sessionid prefix', + 'reqadd' => 'X-Forwarded-Proto:\ https if { ssl_fc }', + 'balance' => 'leastconn' } + } else { + $horizon_options = { 'cookie' => 'sessionid prefix', 'balance' => 'leastconn' } + } } if $horizon_ssl_port { warning('horizon_ssl_port parameter is deprecated. Specify port with the horizon_port instead.') diff --git a/spec/classes/cloud_loadbalancer_spec.rb b/spec/classes/cloud_loadbalancer_spec.rb index 602c27a5..42ee6e28 100644 --- a/spec/classes/cloud_loadbalancer_spec.rb +++ b/spec/classes/cloud_loadbalancer_spec.rb @@ -393,6 +393,7 @@ describe 'cloud::loadbalancer' do 'option' => ["tcpka", "forwardfor", "tcplog", "httpchk GET / \"HTTP/1.0\\r\\nUser-Agent: HAproxy-myhost\""], 'cookie' => 'sessionid prefix', 'balance' => 'leastconn', + 'reqadd' => 'X-Forwarded-Proto:\ https if { ssl_fc }' }, :bind_options => ['ssl', 'crt'] )}