Include apache config for x-forwarded-proto

Config analyzer mentions for the “Secure GUI (HTTP)” check:

Please note that you have to set RequestHeader set X-Forwarded-Proto “https” in your system apache configuration to tell the Checkmk GUI about the SSL setup.

Couldn’t (shouldn’t?) this be included by default, using variables instead of the static string “https”? Like this for example:

<IfModule headers_module>
    RequestHeader set X-Forwarded-Proto expr=%{REQUEST_SCHEME}
    RequestHeader set X-Forwarded-SSL expr=%{HTTPS}
</IfModule>

either in each site’s ~/etc/apache/mode.conf or globally, e.g. in /opt/omd/apache/proxy-https.conf or similar.

This would then really reflect the actual status of http/https instead of just claiming to have https.

1 Like

Thanks. I am currently on this whole topic for docs.checkmk.com. I’ll test it and discuss with developers/package maintainers.

2 Likes