Merge "Replace rsprep directive with http-response replace-header"

2021-09-14 11:15:40 +00:00 · 2021-09-14 11:15:40 +00:00 · bb075ca80a
parent 71bc89e330 5a9b957a7e
commit bb075ca80a
3 changed files with 8 additions and 8 deletions
--- a/manifests/haproxy.pp
+++ b/manifests/haproxy.pp
@ -1308,7 +1308,7 @@ class tripleo::haproxy (
  }
  if $service_certificate {
    $heat_ssl_options = {
-      'rsprep' => "^Location:\\ http://${public_virtual_ip}(.*) Location:\\ https://${public_virtual_ip}\\1",
+      'http-response' => "replace-header Location http://${public_virtual_ip}(.*) https://${public_virtual_ip}\\1",
    }
    $heat_listen_options = merge($default_listen_options, $heat_ssl_options, $heat_timeout_options)
    $heat_frontend_options = merge($default_frontend_options, $heat_ssl_options, $heat_timeout_options)
--- a/manifests/haproxy/endpoint.pp
+++ b/manifests/haproxy/endpoint.pp
@ -190,9 +190,9 @@ define tripleo::haproxy::endpoint (
    if $public_certificate {
      if $mode == 'http' {
        $tls_listen_options = {
-          'rsprep'       => '^Location:\ http://(.*) Location:\ https://\1',
-          'redirect'     => "scheme https code 301 if { hdr(host) -i ${public_virtual_ip} } !{ ssl_fc }",
-          'option'       => 'forwardfor',
+          'http-response' => 'replace-header Location http://(.*) https://\\1',
+          'redirect'      => "scheme https code 301 if { hdr(host) -i ${public_virtual_ip} } !{ ssl_fc }",
+          'option'        => 'forwardfor',
        }
        $listen_options_precookie = merge($tls_listen_options, $listen_options, $custom_options)
        $frontend_options_precookie = merge($tls_listen_options, $frontend_options, $custom_frontend_options)
--- a/manifests/haproxy/horizon_endpoint.pp
+++ b/manifests/haproxy/horizon_endpoint.pp
@ -129,11 +129,11 @@ class tripleo::haproxy::horizon_endpoint (
      "${public_virtual_ip}:443" => union($haproxy_listen_bind_param, ['ssl', 'crt', $public_certificate], $custom_bind_options_public),
    }
    $horizon_frontend_options = {
-      'rsprep'       => '^Location:\ http://(.*) Location:\ https://\1',
+      'http-response' => 'replace-header Location http://(.*) https://\\1',
      # NOTE(jaosorior): We always redirect to https for the public_virtual_ip.
-      'redirect'     => 'scheme https code 301 if !{ ssl_fc }',
-      'option'       => [ 'forwardfor' ],
-      'http-request' => [
+      'redirect'      => 'scheme https code 301 if !{ ssl_fc }',
+      'option'        => [ 'forwardfor' ],
+      'http-request'  => [
          'set-header X-Forwarded-Proto https if { ssl_fc }',
          'set-header X-Forwarded-Proto http if !{ ssl_fc }'],
    }