Merge "Define X-Forwarded-Proto for keystone"
This commit is contained in:
commit
ba9d685380
@ -255,10 +255,10 @@ keystone_ssl_self_signed_subject: "/C=US/ST=Texas/L=San Antonio/O=IT/CN={{ inter
|
|||||||
#keystone_user_ssl_ca_cert: <path to cert on ansible deployment host>
|
#keystone_user_ssl_ca_cert: <path to cert on ansible deployment host>
|
||||||
|
|
||||||
# Set to true when terminating SSL/TLS at a load balancer
|
# Set to true when terminating SSL/TLS at a load balancer
|
||||||
keystone_external_ssl: false
|
keystone_external_ssl: "{{ (haproxy_ssl | default(True)) | bool }}"
|
||||||
|
|
||||||
# External SSL forwarding proto
|
# External SSL forwarding proto
|
||||||
keystone_secure_proxy_ssl_header: HTTP_X_FORWARDED_PROTO
|
keystone_secure_proxy_ssl_header: X-Forwarded-Proto
|
||||||
|
|
||||||
## Override memcached_servers
|
## Override memcached_servers
|
||||||
keystone_memcached_servers: "{{ memcached_servers }}"
|
keystone_memcached_servers: "{{ memcached_servers }}"
|
||||||
|
@ -20,6 +20,12 @@ Listen {{ keystone_web_server_bind_address }}:{{ keystone_service_port }}
|
|||||||
{% endif -%}
|
{% endif -%}
|
||||||
Header set X-Frame-Options "{{ keystone_x_frame_options | default ('DENY') }}"
|
Header set X-Frame-Options "{{ keystone_x_frame_options | default ('DENY') }}"
|
||||||
|
|
||||||
|
{% if (keystone_ssl | bool) and (keystone_external_ssl | bool) %}
|
||||||
|
RequestHeader set {{ keystone_secure_proxy_ssl_header }} "https"
|
||||||
|
{% elif not (keystone_ssl | bool) and (keystone_external_ssl | bool) %}
|
||||||
|
RequestHeader set {{ keystone_secure_proxy_ssl_header }} "http"
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
{% if keystone_ssl | bool and keystone_service_internaluri_proto == "https" -%}
|
{% if keystone_ssl | bool and keystone_service_internaluri_proto == "https" -%}
|
||||||
SSLEngine on
|
SSLEngine on
|
||||||
SSLCertificateFile {{ keystone_ssl_cert }}
|
SSLCertificateFile {{ keystone_ssl_cert }}
|
||||||
|
Loading…
Reference in New Issue
Block a user