Checkmk-raw not redirecting to https behind a reverse proxy

CMK version: 2.4.0p20
OS version: EL9.7

I’m running checkmk-2.4.0p20 docker image with a nginx reverse proxy.

nginx is configured for TLS and forwards the required headers, ie:

X-Forwarded-Proto
X-Forwarded-For
X-Forwarded-Host
Host

My issue is when I hit the site with https://example.com/ it gets a redirect to http://example.com/mysite

Looking in the checkmk apache configuration, sites/mysite/etc/apache/conf.d/check_mk.conf I can see where it sets the environment variable “proto”, which defaults to http or https if the reverse proxy X-Forwarded-Proto is ‘https’

However, I don’t see anywhere the “proto” environment variable is used, hence I’m getting a redirect to http rather than https.

I verified X-Forwarded-Proto is being set and forwarded correctly by adding additional Apache logging to confirm.

The “fix” I found was to change:

RewriteRule ^/mysite(?|check_mk)$ /mysite/check_mk/ [R=302,L]

to include the proto, ie:

RewriteRule ^/mysite(?|check_mk)$ %{ENV:proto}://%{HTTP_HOST}/mysite/check_mk/ [R=302,L]

I know that having a reverse proxy in front of checkmk to handle TLS is a fairly common set up, but with the checkmk rewrites, I can’t see how it could ever have worked.

Can anyone enlighten me?

Strange that we would both hit the same issue within days, I wonder if something changed, but I have no frame as reference as I’m a new user

Anyway, I got around it in a little bit different way, with proxy_redirect:

    location / {
        proxy_pass {{ getenv "CHECKMK_PROXY_PASS" }};

        proxy_set_header Host              $http_host;
        proxy_set_header X-Forwarded-Host  $http_host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Ssl   on;
        proxy_set_header X-Forwarded-Port  $server_port;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;

        proxy_redirect http://$host:$server_port/ https://$host:$server_port/;
    }