From 673823f6e213e71b5c4626443c9aeef4407132a5 Mon Sep 17 00:00:00 2001
From: ramr <smitram@gmail.com>
Date: Tue, 9 Aug 2016 14:44:10 -0700
Subject: [PATCH] Set xff headers for reencrypt[ed] routes.

---
 images/router/haproxy/conf/haproxy-config.template | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/images/router/haproxy/conf/haproxy-config.template b/images/router/haproxy/conf/haproxy-config.template
index 87d006ae699d..fb7c2691a7af 100644
--- a/images/router/haproxy/conf/haproxy-config.template
+++ b/images/router/haproxy/conf/haproxy-config.template
@@ -322,6 +322,11 @@ backend be_secure_{{$cfgIdx}}
     {{ end }}
 
   timeout check 5000ms
+  http-request set-header X-Forwarded-Host %[req.hdr(host)]
+  http-request set-header X-Forwarded-Port %[dst_port]
+  http-request set-header X-Forwarded-Proto http if !{ ssl_fc }
+  http-request set-header X-Forwarded-Proto https if { ssl_fc }
+  http-request set-header Forwarded for=%[src];host=%[req.hdr(host)];proto=%[req.hdr(X-Forwarded-Proto)]
   cookie {{$cfg.RoutingKeyName}} insert indirect nocache httponly secure
     {{ range $serviceUnitName, $weight := $cfg.ServiceUnitNames }}
       {{ with $serviceUnit := index $.ServiceUnits $serviceUnitName }}