diff --git a/roles/httpd/reverseproxy/templates/reversepassproxy.conf b/roles/httpd/reverseproxy/templates/reversepassproxy.conf
index b0500a21c0..0520c3a862 100644
--- a/roles/httpd/reverseproxy/templates/reversepassproxy.conf
+++ b/roles/httpd/reverseproxy/templates/reversepassproxy.conf
@@ -18,39 +18,40 @@ ProxyPreserveHost On
{% endif %}
{% if balancer_name is defined %}
-# This is using openshift or another thing we want to balance in httpd
-{% if targettype == 'openshift' or if ( 'iad2' in inventory_hostname and ocp4|bool ) %}
-# This is a openshift3 app on a proxy anywhere, or a openshift4 one only in iad2
+# This is something that wants a apache balancer
+{% if 'iad2' in inventory_hostname %}
+# This proxy is in iad2 and so we setup the balancer.
+# Non iad2 proxies just send a 421 for this application to avoid firefox h2 reuse bug
SSLProxyEngine On
{% if targettype is defined and targettype == "openshift" %}
- SSLProxyVerify require
- SSLProxyCheckPeerName Off
- {% if ocp4 and env == "production" %}
- SSLProxyCACertificateFile "/etc/haproxy/ocp-prod.pem"
- {% elif ocp4 and env == "staging" %}
- SSLProxyCACertificateFile "/etc/haproxy/ocp-stg.pem"
- {% else %}
- SSLProxyCACertificateFile "/etc/haproxy/os-master.pem"
- {% endif %}
+SSLProxyVerify require
+SSLProxyCheckPeerName Off
+{% if ocp4 and env == "production" %}
+SSLProxyCACertificateFile "/etc/haproxy/ocp-prod.pem"
+{% elif ocp4 and env == "staging" %}
+SSLProxyCACertificateFile "/etc/haproxy/ocp-stg.pem"
+{% else %}
+SSLProxyCACertificateFile "/etc/haproxy/os-master.pem"
+{% endif %}
{% endif %}
- {% for member in balancer_members %}
- {% if http_not_https_yes_this_is_insecure_and_i_feel_bad %}
- {% if remotepath is defined and remotepath != "/" %}
- BalancerMember "ws://{{ member }}{{ remotepath }}"
- {% else %}
- BalancerMember "ws://{{ member }}"
- {% endif %}
- {% else %}
- {% if remotepath is defined and remotepath != "/" %}
- BalancerMember "wss://{{ member }}{{ remotepath }}"
- {% else %}
- BalancerMember "wss://{{ member }}"
- {% endif %}
- {% endif %}
- {% endfor %}
+{% for member in balancer_members %}
+{% if http_not_https_yes_this_is_insecure_and_i_feel_bad %}
+{% if remotepath is defined and remotepath != "/" %}
+BalancerMember "ws://{{ member }}{{ remotepath }}"
+{% else %}
+BalancerMember "ws://{{ member }}"
+{% endif %}
+{% else %}
+{% if remotepath is defined and remotepath != "/" %}
+BalancerMember "wss://{{ member }}{{ remotepath }}"
+{% else %}
+BalancerMember "wss://{{ member }}"
+{% endif %}
+{% endif %}
+{% endfor %}
RewriteEngine on
@@ -62,22 +63,23 @@ RewriteCond %{REQUEST_URI} ^{{ remotepath }}/(.)*
RewriteRule .* "balancer://{{ balancer_name }}-websocket%{REQUEST_URI}" [P]
- {% for member in balancer_members %}
- {% if http_not_https_yes_this_is_insecure_and_i_feel_bad %}
- BalancerMember "http://{{ member }}"
- {% else %}
- BalancerMember "https://{{ member }}"
- {% endif %}
- {% endfor %}
+{% for member in balancer_members %}
+{% if http_not_https_yes_this_is_insecure_and_i_feel_bad %}
+BalancerMember "http://{{ member }}"
+{% else %}
+BalancerMember "https://{{ member }}"
+{% endif %}
+{% endfor %}
ProxyPass {{ localpath }} "balancer://{{balancer_name}}{{remotepath}}"
ProxyPassReverse {{ localpath }} "balancer://{{balancer_name}}{{remotepath}}"
-{% elif ocp4|bool and not 'iad2' in inventory_hostname %}
-# This is a non iad2 proxy and an openshift4 app
+{% else %}
+# This is a non iad2 proxy and an app that only exists in iad2
# We do this to avoid a h2 connection reuse bug by firefox.
Redirect 421 /
{% endif %}
{% else %}
+# This is an application that just goes to one url, not a balancer
ProxyPass {{ localpath }} {{ proxyurl }}{{remotepath}} {{ proxyopts }}
ProxyPassReverse {{ localpath }} {{ proxyurl }}{{remotepath}}
{% endif %}