diff --git a/manifests/apache.pp b/manifests/apache.pp
index f8ec601..fc930c7 100644
--- a/manifests/apache.pp
+++ b/manifests/apache.pp
@@ -20,6 +20,8 @@
$content_base_url = "unix://${pulpcore::content_socket_path}|http://pulpcore-content"
$content_url = "${content_base_url}${content_path}"
+ $forwarded_proto_header = ['set X-FORWARDED-PROTO expr=%{REQUEST_SCHEME}']
+
$docroot_directory = {
'provider' => 'Directory',
'path' => $pulpcore::apache_docroot,
@@ -38,7 +40,7 @@
'request_headers' => [
'unset X-CLIENT-CERT',
'set X-CLIENT-CERT "%{SSL_CLIENT_CERT}s" env=SSL_CLIENT_CERT',
- ],
+ ] + $forwarded_proto_header,
}
# Pulp has a default for remote header. Here it's ensured that the end user
@@ -65,7 +67,7 @@
'params' => $api_proxy_params,
},
],
- 'request_headers' => $api_default_request_headers + $api_additional_request_headers,
+ 'request_headers' => $api_default_request_headers + $api_additional_request_headers + $forwarded_proto_header,
}
# Static content is served by the whitenoise application. SELinux prevents
diff --git a/spec/classes/pulpcore_spec.rb b/spec/classes/pulpcore_spec.rb
index bd53a21..85aa396 100644
--- a/spec/classes/pulpcore_spec.rb
+++ b/spec/classes/pulpcore_spec.rb
@@ -98,6 +98,7 @@
'request_headers' => [
'unset X-CLIENT-CERT',
'set X-CLIENT-CERT "%{SSL_CLIENT_CERT}s" env=SSL_CLIENT_CERT',
+ 'set X-FORWARDED-PROTO expr=%{REQUEST_SCHEME}',
],
},
])
@@ -121,6 +122,7 @@
'request_headers' => [
'unset X-CLIENT-CERT',
'set X-CLIENT-CERT "%{SSL_CLIENT_CERT}s" env=SSL_CLIENT_CERT',
+ 'set X-FORWARDED-PROTO expr=%{REQUEST_SCHEME}',
],
},
{
@@ -133,6 +135,7 @@
'request_headers' => [
'unset REMOTE-USER',
'unset REMOTE_USER',
+ 'set X-FORWARDED-PROTO expr=%{REQUEST_SCHEME}',
],
}
])
@@ -334,6 +337,7 @@
RequestHeader unset X-CLIENT-CERT
RequestHeader set X-CLIENT-CERT "%{SSL_CLIENT_CERT}s" env=SSL_CLIENT_CERT
+ RequestHeader set X-FORWARDED-PROTO expr=%{REQUEST_SCHEME}
ProxyPass unix:///run/pulpcore-content.sock|http://pulpcore-content/pulp/content disablereuse=on timeout=600
ProxyPassReverse unix:///run/pulpcore-content.sock|http://pulpcore-content/pulp/content
@@ -351,6 +355,7 @@
RequestHeader unset X-CLIENT-CERT
RequestHeader set X-CLIENT-CERT "%{SSL_CLIENT_CERT}s" env=SSL_CLIENT_CERT
+ RequestHeader set X-FORWARDED-PROTO expr=%{REQUEST_SCHEME}
ProxyPass unix:///run/pulpcore-content.sock|http://pulpcore-content/pulp/content disablereuse=on timeout=600
ProxyPassReverse unix:///run/pulpcore-content.sock|http://pulpcore-content/pulp/content
@@ -358,6 +363,7 @@
RequestHeader unset REMOTE-USER
RequestHeader unset REMOTE_USER
+ RequestHeader set X-FORWARDED-PROTO expr=%{REQUEST_SCHEME}
ProxyPass unix:///run/pulpcore-api.sock|http://pulpcore-api/pulp/api/v3 timeout=600
ProxyPassReverse unix:///run/pulpcore-api.sock|http://pulpcore-api/pulp/api/v3
@@ -510,6 +516,7 @@
'request_headers' => [
'unset X-CLIENT-CERT',
'set X-CLIENT-CERT "%{SSL_CLIENT_CERT}s" env=SSL_CLIENT_CERT',
+ 'set X-FORWARDED-PROTO expr=%{REQUEST_SCHEME}',
],
},
{
@@ -523,6 +530,7 @@
'unset REMOTE-USER',
'unset REMOTE_USER',
'set REMOTE-USER "admin" "expr=%{tolower:%{SSL_CLIENT_S_DN_CN}} == \'foreman.example.com\'"',
+ 'set X-FORWARDED-PROTO expr=%{REQUEST_SCHEME}',
],
}
])