diff --git a/manifests/dashboard.pp b/manifests/dashboard.pp index 3c9734cd..b6b59741 100644 --- a/manifests/dashboard.pp +++ b/manifests/dashboard.pp @@ -73,6 +73,10 @@ # [*horizon_ca*] # (required with listen_ssl) CA certificate to use for SSL support. # +# [*ssl_forward*] +# (optional) Forward HTTPS proto in the headers +# Useful when activating SSL binding on HAproxy and not in Horizon. +# Defaults to false class cloud::dashboard( $ks_keystone_internal_host = '127.0.0.1', @@ -90,14 +94,21 @@ class cloud::dashboard( $horizon_cert = undef, $horizon_key = undef, $horizon_ca = undef, + $ssl_forward = false ) { # We build the param needed for horizon class $keystone_url = "${keystone_proto}://${keystone_host}:${keystone_port}/v2.0" # Apache2 specific configuration + if $ssl_forward { + $set_env_real = ['SetEnvIf X-Forwarded-Proto https HTTPS=1'] + } else { + $set_env_real = [] + } $vhost_extra_params = { - 'add_listen' => true + 'add_listen' => true, + 'setenv' => $set_env_real } ensure_resource('class', 'apache', { default_vhost => false diff --git a/spec/classes/cloud_dashboard_spec.rb b/spec/classes/cloud_dashboard_spec.rb index 54616317..665c48e7 100644 --- a/spec/classes/cloud_dashboard_spec.rb +++ b/spec/classes/cloud_dashboard_spec.rb @@ -32,6 +32,7 @@ describe 'cloud::dashboard' do :keystone_port => '5000', :debug => true, :api_eth => '10.0.0.1', + :ssl_forward => true, :servername => 'horizon.openstack.org' } end @@ -48,7 +49,10 @@ describe 'cloud::dashboard' do :keystone_url => 'http://keystone.openstack.org:5000/v2.0', :django_debug => true, :neutron_options => { 'enable_lb' => true }, - :vhost_extra_params => { 'add_listen' => true } + :vhost_extra_params => { + 'add_listen' => true , + 'setenv' => ['SetEnvIf X-Forwarded-Proto https HTTPS=1'] + } ) should contain_class('apache').with(:default_vhost => false) end