Config analyzer mentions for the “Secure GUI (HTTP)” check:
Please note that you have to set RequestHeader set X-Forwarded-Proto “https” in your system apache configuration to tell the Checkmk GUI about the SSL setup.
Couldn’t (shouldn’t?) this be included by default, using variables instead of the static string “https”? Like this for example:
<IfModule headers_module>
RequestHeader set X-Forwarded-Proto expr=%{REQUEST_SCHEME}
RequestHeader set X-Forwarded-SSL expr=%{HTTPS}
</IfModule>
either in each site’s ~/etc/apache/mode.conf
or globally, e.g. in /opt/omd/apache/proxy-https.conf
or similar.
This would then really reflect the actual status of http/https instead of just claiming to have https.