dashboard: add ssl_forward support
Allow to configure Apache to forward HTTPS protocol in the headers. Useful when activating SSL binding on HAproxy and not in Horizon. Closes-bug #520
This commit is contained in:
		| @@ -73,6 +73,10 @@ | ||||
| # [*horizon_ca*] | ||||
| #   (required with listen_ssl) CA certificate to use for SSL support. | ||||
| # | ||||
| # [*ssl_forward*] | ||||
| #   (optional) Forward HTTPS proto in the headers | ||||
| #   Useful when activating SSL binding on HAproxy and not in Horizon. | ||||
| #   Defaults to false | ||||
|  | ||||
| class cloud::dashboard( | ||||
|   $ks_keystone_internal_host = '127.0.0.1', | ||||
| @@ -90,14 +94,21 @@ class cloud::dashboard( | ||||
|   $horizon_cert              = undef, | ||||
|   $horizon_key               = undef, | ||||
|   $horizon_ca                = undef, | ||||
|   $ssl_forward               = false | ||||
| ) { | ||||
|  | ||||
|   # We build the param needed for horizon class | ||||
|   $keystone_url = "${keystone_proto}://${keystone_host}:${keystone_port}/v2.0" | ||||
|  | ||||
|   # Apache2 specific configuration | ||||
|   if $ssl_forward { | ||||
|     $set_env_real = ['SetEnvIf X-Forwarded-Proto https HTTPS=1'] | ||||
|   } else { | ||||
|     $set_env_real = [] | ||||
|   } | ||||
|   $vhost_extra_params = { | ||||
|     'add_listen'    => true | ||||
|     'add_listen' => true, | ||||
|     'setenv'     => $set_env_real | ||||
|   } | ||||
|   ensure_resource('class', 'apache', { | ||||
|     default_vhost => false | ||||
|   | ||||
| @@ -32,6 +32,7 @@ describe 'cloud::dashboard' do | ||||
|         :keystone_port              => '5000', | ||||
|         :debug                      => true, | ||||
|         :api_eth                    => '10.0.0.1', | ||||
|         :ssl_forward                => true, | ||||
|         :servername                 => 'horizon.openstack.org' } | ||||
|     end | ||||
|  | ||||
| @@ -48,7 +49,10 @@ describe 'cloud::dashboard' do | ||||
|           :keystone_url        => 'http://keystone.openstack.org:5000/v2.0', | ||||
|           :django_debug        => true, | ||||
|           :neutron_options     => { 'enable_lb' => true }, | ||||
|           :vhost_extra_params  => { 'add_listen' => true } | ||||
|           :vhost_extra_params  => { | ||||
|               'add_listen' => true , | ||||
|               'setenv'     => ['SetEnvIf X-Forwarded-Proto https HTTPS=1'] | ||||
|           } | ||||
|         ) | ||||
|       should contain_class('apache').with(:default_vhost => false) | ||||
|     end | ||||
|   | ||||
		Reference in New Issue
	
	Block a user
	 Emilien Macchi
					Emilien Macchi