From cc8ad068ac7a7a5b859675e00456c4341fca196c Mon Sep 17 00:00:00 2001
From: Ryan O'Hara <rohara@redhat.com>
Date: Thu, 8 Jun 2017 10:09:10 -0500
Subject: [PATCH] Remove condition to match hdr(host) in haproxy redirect rule

The horizon proxy should redirect all HTTP requests to HTTPS,
regardless of the 'Host' field in the header. The current rule will
cause haproxy to redirect HTTP requests if the 'Host' field contains
the public virtual IP address. It will not redirect if the 'Host'
field contains a hostname, FQDN, etc.
---
 manifests/haproxy.pp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/manifests/haproxy.pp b/manifests/haproxy.pp
index 5f70647..78630ee 100644
--- a/manifests/haproxy.pp
+++ b/manifests/haproxy.pp
@@ -769,7 +769,7 @@ class tripleo::haproxy (
       'cookie'       => 'SERVERID insert indirect nocache',
       'rsprep'       => '^Location:\ http://(.*) Location:\ https://\1',
       # NOTE(jaosorior): We always redirect to https for the public_virtual_ip.
-      'redirect'     => "scheme https code 301 if { hdr(host) -i ${public_virtual_ip} } !{ ssl_fc }",
+      'redirect'     => "scheme https code 301 if !{ ssl_fc }",
       'option'       => [ 'forwardfor', 'httpchk' ],
       'http-request' => [
           'set-header X-Forwarded-Proto https if { ssl_fc }',
-- 
2.9.3