diff --git a/ansible/roles/haproxy/templates/haproxy_main.cfg.j2 b/ansible/roles/haproxy/templates/haproxy_main.cfg.j2
index 85b9d7642e5dace67c6305858d5b34355d4bde6e..6073f33815ec4a4f921229c1dd048d29e48608df 100644
--- a/ansible/roles/haproxy/templates/haproxy_main.cfg.j2
+++ b/ansible/roles/haproxy/templates/haproxy_main.cfg.j2
@@ -13,7 +13,7 @@ global
         {% endfor %}
     {% endif %}
     stats socket /var/lib/kolla/haproxy/haproxy.sock group kolla mode 660
-    {% if kolla_enable_tls_external or kolla_enable_tls_internal | bool %}
+    {% if kolla_enable_tls_external | bool or kolla_enable_tls_internal | bool %}
     ssl-default-bind-ciphers DEFAULT:!MEDIUM:!3DES
     ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11
     tune.ssl.default-dh-param 4096
diff --git a/ansible/roles/horizon/templates/horizon.conf.j2 b/ansible/roles/horizon/templates/horizon.conf.j2
index 957725249670c541c9e353969c457378a55adec9..b03bd4b403e2bf339b3e55a5a745f59c757cdcae 100644
--- a/ansible/roles/horizon/templates/horizon.conf.j2
+++ b/ansible/roles/horizon/templates/horizon.conf.j2
@@ -33,7 +33,8 @@ TraceEnable off
     </Location>
 </VirtualHost>
 
-{% if kolla_enable_tls_external or kolla_enable_tls_internal| bool %}
+{# FIXME(yoctozepto): enabling of either tls will break the other if not enabled too #}
+{% if kolla_enable_tls_external | bool or kolla_enable_tls_internal | bool %}
 Header edit Location ^http://(.*)$ https://$1
 {% endif %}
 
diff --git a/ansible/roles/horizon/templates/local_settings.j2 b/ansible/roles/horizon/templates/local_settings.j2
index 868f0057df9d30c61ccff1a798d2a876485ae2f5..8e9b676be77f7fc5f379a127053a8c6fd593c54f 100644
--- a/ansible/roles/horizon/templates/local_settings.j2
+++ b/ansible/roles/horizon/templates/local_settings.j2
@@ -55,7 +55,7 @@ DATABASES = {
 #CSRF_COOKIE_SECURE = True
 #SESSION_COOKIE_SECURE = True
 
-{% if kolla_enable_tls_external or kolla_enable_tls_internal | bool %}
+{% if kolla_enable_tls_external | bool or kolla_enable_tls_internal | bool %}
 SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
 CSRF_COOKIE_SECURE = True
 SESSION_COOKIE_SECURE = True
diff --git a/ansible/roles/nova/templates/nova.conf.j2 b/ansible/roles/nova/templates/nova.conf.j2
index 838b1212dba75b38a04d2178b3ae244bc18e0bbe..2613710c30fe8b667e34002c30c25bd862e789c0 100644
--- a/ansible/roles/nova/templates/nova.conf.j2
+++ b/ansible/roles/nova/templates/nova.conf.j2
@@ -229,7 +229,7 @@ debug = {{ nova_logging_debug }}
 
 [wsgi]
 api_paste_config = /etc/nova/api-paste.ini
-{% if kolla_enable_tls_external or kolla_enable_tls_internal | bool %}
+{% if kolla_enable_tls_external | bool or kolla_enable_tls_internal | bool %}
 secure_proxy_ssl_header = HTTP_X_FORWARDED_PROTO
 {% endif %}