Comment 10 for bug 1537071

I looked into a situation where these two tests, test_web_index and test_web_listing_css, fail when running through HAproxy that terminates SSL. Here's what I found.

At a certain point, Tempest does GET on /v1/AUTH_fa4d5382f43b41d59f0fb51ef330077b/tempest-TestContainer-2075955620 without a trailing slash. The staticweb returns a 301 redirect with Location: http://10.0.0.101:13808/v1/AUTH_fa4d5382f43b41d59f0fb51ef330077b/tempest-TestContainer-2075955620/

Basically all it wants is to add the trailing slash. It does so by returning HTTPMovedPermanently(location=env['PATH_INFO']+'/'). The path_info at this point is just a path. Before the Response.__call__() returns, swob prepends the netloc to the location, and mistakenly uses the http: scheme.

The urllib3 then uses the Location from the redirect and attempts to talk HTTP to HAproxy that is listening with SSL. HApxoxy resets the connectin. The process repeats until urllib3 connection exhausts its retries.

The right fix needs the scheme to be correct in responses. It can either be set by staticweb (tempauth does that), or extracted from wsgi.url_scheme (which requires magic and may be impossible).