From 158847f9b511ae5cb9f54618d41f92b38d342f1f Mon Sep 17 00:00:00 2001
From: Patrick Uiterwijk <patrick@puiterwijk.org>
Date: Fri, 23 Nov 2018 21:49:46 +0100
Subject: [PATCH] OpenQA is non-HTTPS for backend, sadly

Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
---
 playbooks/include/proxies-reverseproxy.yml             |  2 ++
 .../httpd/reverseproxy/templates/reversepassproxy.conf | 10 +++++++++-
 roles/httpd/reverseproxy/vars/main.yml                 |  1 +
 3 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/playbooks/include/proxies-reverseproxy.yml b/playbooks/include/proxies-reverseproxy.yml
index 1cf8f2fdb7..42d80885a5 100644
--- a/playbooks/include/proxies-reverseproxy.yml
+++ b/playbooks/include/proxies-reverseproxy.yml
@@ -321,6 +321,7 @@
     destname: openqa
     balancer_name: openqa
     balancer_members: ['openqa.qa.fedoraproject.org:80']
+    http_not_https_yes_this_is_insecure_and_i_feel_bad: true
     when: env == "production"
 
   - role: httpd/reverseproxy
@@ -328,6 +329,7 @@
     destname: openqa
     balancer_name: openqa-stg
     balancer_members: ['openqa-stg01.qa.fedoraproject.org:80']
+    http_not_https_yes_this_is_insecure_and_i_feel_bad: true
     when: env == "staging"
 
   - role: httpd/reverseproxy
diff --git a/roles/httpd/reverseproxy/templates/reversepassproxy.conf b/roles/httpd/reverseproxy/templates/reversepassproxy.conf
index 9cf062b245..bb7de302a1 100644
--- a/roles/httpd/reverseproxy/templates/reversepassproxy.conf
+++ b/roles/httpd/reverseproxy/templates/reversepassproxy.conf
@@ -28,7 +28,11 @@ SSLProxyEngine On
 
 <Proxy "balancer://{{balancer_name}}-websocket">
   {% for member in balancer_members %}
+    {% if http_not_https_yes_this_is_insecure_and_i_feel_bad %}
+    BalancerMember "ws://{{ member }}"
+    {% else %}
     BalancerMember "wss://{{ member }}"
+    {% endif %}
   {% endfor %}
 </Proxy>
 
@@ -39,7 +43,11 @@ RewriteRule .* "balancer://{{ balancer_name }}-websocket%{REQUEST_URI}" [P]
 
 <Proxy "balancer://{{balancer_name}}">
   {% for member in balancer_members %}
-    BalancerMember "https://{{ member }}"
+    {% if http_not_https_yes_this_is_insecure_and_i_feel_bad %}
+    BalancerMember "http://{{ member }}"
+    {% else %}
+    BalancerMember "http://{{ member }}"
+    {% endif %}
   {% endfor %}
 </Proxy>
 ProxyPass {{ localpath }} "balancer://{{balancer_name}}{{remotepath}}"
diff --git a/roles/httpd/reverseproxy/vars/main.yml b/roles/httpd/reverseproxy/vars/main.yml
index e68f93103b..7bf5f2354f 100644
--- a/roles/httpd/reverseproxy/vars/main.yml
+++ b/roles/httpd/reverseproxy/vars/main.yml
@@ -6,3 +6,4 @@ header_expect: false
 header_scheme: false
 keephost: false
 targettype: plain
+http_not_https_yes_this_is_insecure_and_i_feel_bad: false