From 71f583ebe49b675964ff2471e449cd76e0275e2a Mon Sep 17 00:00:00 2001
From: Matt Bruzek <mbruzek@gmail.com>
Date: Thu, 23 Mar 2017 16:14:02 -0500
Subject: [PATCH] Adding more proxy options and header to nginx load-balancer.

---
 .../kubeapi-load-balancer/templates/apilb.conf   | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/cluster/juju/layers/kubeapi-load-balancer/templates/apilb.conf b/cluster/juju/layers/kubeapi-load-balancer/templates/apilb.conf
index 16fadf8871c..0cb18f58e72 100644
--- a/cluster/juju/layers/kubeapi-load-balancer/templates/apilb.conf
+++ b/cluster/juju/layers/kubeapi-load-balancer/templates/apilb.conf
@@ -8,7 +8,7 @@ upstream target_service {
 
 
 server {
-    listen 443;
+    listen 443 ssl http2;
     server_name {{ server_name }};
 
     access_log /var/log/nginx.access.log;
@@ -28,9 +28,17 @@ server {
       proxy_set_header        X-Real-IP $remote_addr;
       proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
       proxy_set_header        X-Forwarded-Proto $scheme;
-      proxy_ssl_certificate {{ server_certificate }};
+      proxy_set_header        X-Forwarded-Proto-Version $http2;
+      proxy_set_header        Upgrade $http_upgrade;
+      proxy_set_header        Connection $http_connection;
+      proxy_set_header        X-Stream-Protocol-Version $http_x_stream_protocol_version;
+
+      proxy_ssl_certificate   {{ server_certificate }};
       proxy_ssl_certificate_key {{ server_key }};
-      proxy_pass https://target_service;
-      proxy_read_timeout  90;
+
+      add_header              X-Stream-Protocol-Version $upstream_http_x_stream_protocol_version;
+
+      proxy_pass              https://target_service;
+      proxy_read_timeout      90;
     }
 }