From 4c8227ec8bb58d0259f04e26137f9312eecabd5c Mon Sep 17 00:00:00 2001
From: Dave McCowan <dmccowan@cisco.com>
Date: Tue, 12 Apr 2016 00:58:56 -0400
Subject: [PATCH] Add TLS to Kibana Web Interface

Use HAProxy to terminate a TLS connection on port 5601 for the
Kibana dashboard when TLS is enabled for Kolla. x-forwarded-for
and x-forwarded-proto headers are set to give Kibana the info it
needs to write returned URLs.

Change-Id: I03a2dd3a8e2513d38281b30bf4bae6449fec0316
Closes-bug: #1566117
---
 ansible/roles/haproxy/templates/haproxy.cfg.j2 | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/ansible/roles/haproxy/templates/haproxy.cfg.j2 b/ansible/roles/haproxy/templates/haproxy.cfg.j2
index 7968fa052e..72c52cab73 100644
--- a/ansible/roles/haproxy/templates/haproxy.cfg.j2
+++ b/ansible/roles/haproxy/templates/haproxy.cfg.j2
@@ -388,7 +388,9 @@ listen kibana
 {% if haproxy_enable_external_vip | bool %}
 
 listen kibana_external
-  bind {{ kolla_external_vip_address }}:{{ kibana_server_port }}
+  bind {{ kolla_external_vip_address }}:{{ kibana_server_port }} {{ tls_bind_info }}
+  http-request del-header X-Forwarded-Proto
+  http-request set-header X-Forwarded-Proto https if { ssl_fc }
   acl auth_acl http_auth(kibanauser)
   http-request auth realm basicauth unless auth_acl
 {% for host in groups['kibana'] %}