From ecd441269b1c16b7567615b23071bcfc49f398ce Mon Sep 17 00:00:00 2001
From: Evan Cordell <cordell.evan@gmail.com>
Date: Thu, 23 Feb 2017 18:13:02 -0500
Subject: [PATCH] Pass host to apostille (required for k8s ingress)

---
 conf/init/nginx_conf_create.sh  | 3 +++
 conf/nginx/server-base.conf.jnj | 1 +
 2 files changed, 4 insertions(+)

diff --git a/conf/init/nginx_conf_create.sh b/conf/init/nginx_conf_create.sh
index a6b3934ed..f2dc9724c 100755
--- a/conf/init/nginx_conf_create.sh
+++ b/conf/init/nginx_conf_create.sh
@@ -30,13 +30,16 @@ def generate_server_config(config):
   """
   if config:
     tuf_server = config.get('TUF_SERVER', None)
+    tuf_host = config.get('TUF_HOST', None)
     signing_enabled = config.get('FEATURE_SIGNING', False)
   else:
     tuf_server = None
+    tuf_host = None
     signing_enabled = False
 
   write_config('conf/nginx/server-base.conf',
                tuf_server=tuf_server,
+               tuf_host=tuf_host,
                signing_enabled=signing_enabled)
 
 
diff --git a/conf/nginx/server-base.conf.jnj b/conf/nginx/server-base.conf.jnj
index 05600d73d..469dba28d 100644
--- a/conf/nginx/server-base.conf.jnj
+++ b/conf/nginx/server-base.conf.jnj
@@ -83,6 +83,7 @@ location /secscan/ {
 location ~ ^/v2/(.+)/_trust/tuf/(.*)$ {
   set $upstream_tuf {{ tuf_server }};
   proxy_pass $upstream_tuf$uri;
+  proxy_set_header Host "{{ tuf_host }";
 }
 {% endif %}