HAproxy / Horizon: keep header proto if using SSL in binding

If using SSL forwarding for Horizon endpoint, keep the HTTPS in headers
with "X-Forwarded-Proto" parameter, using is-ssl ACL.

Closes-bug #520

manifests/loadbalancer.pp

@@ -245,10 +245,17 @@ class cloud::loadbalancer(
       'balance' => 'leastconn' }
   } else {
     $horizon_httpchk = "httpchk GET  /${horizon_auth_url}  \"HTTP/1.0\\r\\nUser-Agent: HAproxy-${::hostname}\""
+    if 'ssl' in $horizon_bind_options {
+      $horizon_options = {
+      'cookie'  => 'sessionid prefix',
+      'reqadd'  => 'X-Forwarded-Proto:\ https if { ssl_fc }',
+      'balance' => 'leastconn' }
+    } else {
       $horizon_options = {
       'cookie'  => 'sessionid prefix',
       'balance' => 'leastconn' }
     }
+  }
   if $horizon_ssl_port {
     warning('horizon_ssl_port parameter is deprecated. Specify port with the horizon_port instead.')
     $horizon_port_real = $horizon_ssl_port

spec/classes/cloud_loadbalancer_spec.rb

@@ -393,6 +393,7 @@ describe 'cloud::loadbalancer' do
           'option'         => ["tcpka", "forwardfor", "tcplog", "httpchk GET  /  \"HTTP/1.0\\r\\nUser-Agent: HAproxy-myhost\""],
           'cookie'         => 'sessionid prefix',
           'balance'        => 'leastconn',
+          'reqadd'         => 'X-Forwarded-Proto:\ https if { ssl_fc }'
         },
         :bind_options => ['ssl', 'crt']
       )}