proxies / reverseproxy: Try and clean up logic and whitespace.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>

roles/httpd/reverseproxy/templates/reversepassproxy.conf

@@ -18,39 +18,40 @@ ProxyPreserveHost On
 {% endif %}
 
 {% if balancer_name is defined %}
-# This is using openshift or another thing we want to balance in httpd
+# This is something that wants a apache balancer
-{% if targettype == 'openshift' or if ( 'iad2' in inventory_hostname and ocp4|bool )  %}
+{% if 'iad2' in inventory_hostname %}
-# This is a openshift3 app on a proxy anywhere, or a openshift4 one only in iad2
+# This proxy is in iad2 and so we setup the balancer.
+# Non iad2 proxies just send a 421 for this application to avoid firefox h2 reuse bug
 SSLProxyEngine On
 
 {% if targettype is defined and targettype == "openshift" %}
-  SSLProxyVerify require
+SSLProxyVerify require
-  SSLProxyCheckPeerName Off
+SSLProxyCheckPeerName Off
-  {% if ocp4 and env == "production" %}
+{% if ocp4 and env == "production" %}
-  SSLProxyCACertificateFile "/etc/haproxy/ocp-prod.pem"
+SSLProxyCACertificateFile "/etc/haproxy/ocp-prod.pem"
-  {% elif ocp4 and env == "staging" %}
+{% elif ocp4 and env == "staging" %}
-  SSLProxyCACertificateFile "/etc/haproxy/ocp-stg.pem"
+SSLProxyCACertificateFile "/etc/haproxy/ocp-stg.pem"
-  {% else %}
+{% else %}
-  SSLProxyCACertificateFile "/etc/haproxy/os-master.pem"
+SSLProxyCACertificateFile "/etc/haproxy/os-master.pem"
-  {% endif %}
+{% endif %}
 {% endif %}
 
 <Proxy "balancer://{{balancer_name}}-websocket">
-  {% for member in balancer_members %}
+{% for member in balancer_members %}
-    {% if http_not_https_yes_this_is_insecure_and_i_feel_bad %}
+{% if http_not_https_yes_this_is_insecure_and_i_feel_bad %}
-      {% if remotepath is defined and remotepath != "/" %}
+{% if remotepath is defined and remotepath != "/" %}
-      BalancerMember "ws://{{ member }}{{ remotepath }}"
+BalancerMember "ws://{{ member }}{{ remotepath }}"
-      {% else %}
+{% else %}
-      BalancerMember "ws://{{ member }}"
+BalancerMember "ws://{{ member }}"
-      {% endif %}
+{% endif %}
-    {% else %}
+{% else %}
-      {% if remotepath is defined and remotepath != "/" %}
+{% if remotepath is defined and remotepath != "/" %}
-      BalancerMember "wss://{{ member }}{{ remotepath }}"
+BalancerMember "wss://{{ member }}{{ remotepath }}"
-      {% else %}
+{% else %}
-      BalancerMember "wss://{{ member }}"
+BalancerMember "wss://{{ member }}"
-      {% endif %}
+{% endif %}
-    {% endif %}
+{% endif %}
-  {% endfor %}
+{% endfor %}
 </Proxy>
 
 RewriteEngine on
@@ -62,22 +63,23 @@ RewriteCond %{REQUEST_URI} ^{{ remotepath }}/(.)*
 RewriteRule .* "balancer://{{ balancer_name }}-websocket%{REQUEST_URI}" [P]
 
 <Proxy "balancer://{{balancer_name}}">
-  {% for member in balancer_members %}
+{% for member in balancer_members %}
-    {% if http_not_https_yes_this_is_insecure_and_i_feel_bad %}
+{% if http_not_https_yes_this_is_insecure_and_i_feel_bad %}
-    BalancerMember "http://{{ member }}"
+BalancerMember "http://{{ member }}"
-    {% else %}
+{% else %}
-    BalancerMember "https://{{ member }}"
+BalancerMember "https://{{ member }}"
-    {% endif %}
+{% endif %}
-  {% endfor %}
+{% endfor %}
 </Proxy>
 ProxyPass {{ localpath }} "balancer://{{balancer_name}}{{remotepath}}"
 ProxyPassReverse {{ localpath }} "balancer://{{balancer_name}}{{remotepath}}"
-{% elif ocp4|bool and not 'iad2' in inventory_hostname %}
+{% else %} 
-# This is a non iad2 proxy and an openshift4 app
+# This is a non iad2 proxy and an app that only exists in iad2
 # We do this to avoid a h2 connection reuse bug by firefox.
 Redirect 421 /
 {% endif %}
 {% else %}
+# This is an application that just goes to one url, not a balancer
 ProxyPass {{ localpath }} {{ proxyurl }}{{remotepath}} {{ proxyopts }}
 ProxyPassReverse {{ localpath }} {{ proxyurl }}{{remotepath}}
 {% endif %}