Fix keystone_secure_proxy_ssl_header logic
Previous commit [1] introduced logic that breaks proper service
discovery. Now we're fixing logic, following next rules/assumptiuons:
+----------+---------+---------------+
| HAProxy | Apache | RequestHeader |
+----------+---------+-- ------------+
| non-SSL | non-SSL | http |
| non-SSL | SSL | http |
| SSL | SSL | https |
| SSL | non-SSL | https |
+----------+---------+---------------+
[1] 6fae2bdade
Change-Id: Ibf7759eea63b7150aeae655c10eccc69cd3417ea
This commit is contained in:
parent
e26aabe440
commit
33ee3fcb17
|
@ -20,9 +20,9 @@ Listen {{ keystone_web_server_bind_address }}:{{ keystone_service_port }}
|
|||
{% endif -%}
|
||||
Header set X-Frame-Options "{{ keystone_x_frame_options | default ('DENY') }}"
|
||||
|
||||
{% if (keystone_ssl | bool) and (keystone_external_ssl | bool) %}
|
||||
{% if (keystone_external_ssl | bool) %}
|
||||
RequestHeader set {{ keystone_secure_proxy_ssl_header }} "https"
|
||||
{% elif not (keystone_ssl | bool) and (keystone_external_ssl | bool) %}
|
||||
{% else %}
|
||||
RequestHeader set {{ keystone_secure_proxy_ssl_header }} "http"
|
||||
{% endif %}
|
||||
|
||||
|
|
Loading…
Reference in New Issue