Replace rsprep directive with http-response replace-header
Haproxy 2.4.x errors out when using rsprep directive:
<13>Sep 4 08:07:09 puppet-user: [NOTICE] (34) : path to executable is /usr/sbin/haproxy
<13>Sep 4 08:07:09 puppet-user: [ALERT] (34) : parsing [/etc/haproxy/haproxy.cfg20210904-13-18ckjh5:44] : The 'rsprep' directive is not supported anymore since HAProxy 2.1. Use 'http-response replace-header' instead.
<13>Sep 4 08:07:09 puppet-user: [ALERT] (34) : parsing [/etc/haproxy/haproxy.cfg20210904-13-18ckjh5:58] : The 'rsprep' directive is not supported anymore since HAProxy 2.1. Use 'http-response replace-header' instead.
<13>Sep 4 08:07:09 puppet-user: [ALERT] (34) : parsing [/etc/haproxy/haproxy.cfg20210904-13-18ckjh5:81] : The 'rsprep' directive is not supported
Tested with haproxy 2.4 and now the config is accepted by haproxy -c.
The rsprep directive has been removed in 2.1:
https://www.haproxy.com/blog/haproxy-2-1/#deprecated-configuration-options
Tested this by deploying an overcloud with tls-e and this patch and
verifying that tempest still works.
The config lines now look like the following:
http-response replace-header Location http://(.*) https://\1
http-response replace-header Location http://10.0.0.5(.*) https://10.0.0.5\1
Tested the horizon redirect is still working:
[stack@undercloud-0 ~]$ curl -v -L http://overcloud.localdomain:80/
* Trying 10.0.0.5:80...
* Connected to overcloud.localdomain (10.0.0.5) port 80 (#0)
> GET / HTTP/1.1
> Host: overcloud.localdomain
> User-Agent: curl/7.76.1
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 301 Moved Permanently
< content-length: 0
< location: https://overcloud.localdomain/
Closes-Bug: #1942675
Change-Id: Ie29a03affbbf8d6d47a5c50ef1c17bab9847f460
(cherry picked from commit 5a9b957a7e)
parent
00f205b36f
commit
e83c472149
|
@ -1302,7 +1302,7 @@ class tripleo::haproxy (
|
|||
}
|
||||
if $service_certificate {
|
||||
$heat_ssl_options = {
|
||||
'rsprep' => "^Location:\\ http://${public_virtual_ip}(.*) Location:\\ https://${public_virtual_ip}\\1",
|
||||
'http-response' => "replace-header Location http://${public_virtual_ip}(.*) https://${public_virtual_ip}\\1",
|
||||
}
|
||||
$heat_listen_options = merge($default_listen_options, $heat_ssl_options, $heat_timeout_options)
|
||||
$heat_frontend_options = merge($default_frontend_options, $heat_ssl_options, $heat_timeout_options)
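Review bot: The new value in `$heat_ssl_options` drops the `^` anchor that the old `rsprep` pattern had, so `http://${public_virtual_ip}(.*)` can also match an http URL that appears later in a Location value, such as in a query parameter. As the HAProxy documentation describes replace-header, a matching value is replaced completely, so such a header would be rewritten to just the captured tail. Anchoring keeps the previous scope: `'http-response' => "replace-header Location ^http://${public_virtual_ip}(.*) https://${public_virtual_ip}\\1",`. The same applies to the `http://(.*)` patterns in the tripleo::haproxy::endpoint and tripleo::haproxy::horizon_endpoint hunks. The dots of an IPv4 `$public_virtual_ip` are also interpolated unescaped and act as regex wildcards, which was already the case before this change.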
|
||||
|
|
|
@ -190,9 +190,9 @@ define tripleo::haproxy::endpoint (
|
|||
if $public_certificate {
|
||||
if $mode == 'http' {
|
||||
$tls_listen_options = {
|
||||
'rsprep' => '^Location:\ http://(.*) Location:\ https://\1',
|
||||
'redirect' => "scheme https code 301 if { hdr(host) -i ${public_virtual_ip} } !{ ssl_fc }",
|
||||
'option' => 'forwardfor',
|
||||
'http-response' => 'replace-header Location http://(.*) https://\\1',
|
||||
'redirect' => "scheme https code 301 if { hdr(host) -i ${public_virtual_ip} } !{ ssl_fc }",
|
||||
'option' => 'forwardfor',
|
||||
}
|
||||
$listen_options_precookie = merge($tls_listen_options, $listen_options, $custom_options)
|
||||
$frontend_options_precookie = merge($tls_listen_options, $frontend_options, $custom_frontend_options)
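Review bot: Putting the Location rewrite under the generic `'http-response'` key in `$tls_listen_options` makes it easy to lose, because `merge($tls_listen_options, $listen_options, $custom_options)` lets the later hashes win. A caller that passes its own `'http-response'` entry (a response security header, for instance) would silently drop the https rewrite, whereas the old `'rsprep'` key was unlikely to collide. Whether any caller does this is not visible in the hunk. At minimum the key deserves a comment such as `# NOTE: replaced wholesale if listen_options/custom_options also define 'http-response'`; combining the values into an array before the merge would remove the hazard.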
|
||||
|
|
|
@ -129,11 +129,11 @@ class tripleo::haproxy::horizon_endpoint (
|
|||
"${public_virtual_ip}:443" => union($haproxy_listen_bind_param, ['ssl', 'crt', $public_certificate], $custom_bind_options_public),
|
||||
}
|
||||
$horizon_frontend_options = {
|
||||
'rsprep' => '^Location:\ http://(.*) Location:\ https://\1',
|
||||
'http-response' => 'replace-header Location http://(.*) https://\\1',
|
||||
# NOTE(jaosorior): We always redirect to https for the public_virtual_ip.
|
||||
'redirect' => 'scheme https code 301 if !{ ssl_fc }',
|
||||
'option' => [ 'forwardfor' ],
|
||||
'http-request' => [
|
||||
'redirect' => 'scheme https code 301 if !{ ssl_fc }',
|
||||
'option' => [ 'forwardfor' ],
|
||||
'http-request' => [
|
||||
'set-header X-Forwarded-Proto https if { ssl_fc }',
|
||||
'set-header X-Forwarded-Proto http if !{ ssl_fc }'],
|
||||
}
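Review bot: In `$horizon_frontend_options` the new `'http-response'` entry is a bare string while the neighbouring `'option'` and `'http-request'` entries are arrays. Writing it as `'http-response' => [ 'replace-header Location http://(.*) https://\\1' ],` would match them and leave room for further response rules. The NOTE(jaosorior) comment only explains the `redirect` line, so a one-line comment above the new key would help, for example `# Upgrade absolute http:// redirects emitted by the backend to https.`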
|
||||
|
|